9479fa237011acbbad230aaa5549c278_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9479fa237011acbbad230aaa5549c278_JaffaCakes118
Size

706KB
MD5

9479fa237011acbbad230aaa5549c278
SHA1

ccc05706ab49d5581a522bcf8395aca4e733f1b9
SHA256

9936aecb4c1cd1890aebd2216d7d6202e13eb82650e3d12462cfc2a9ffbfd4cb
SHA512

c58c9b53b77351167dbb61cdf44f9f7860f21be4313348555bae0109bbf2cf533f97ab58c9c105d9eef8010efa322228eac8ce237594627b9cb1bf4483687536
SSDEEP

12288:2Dl9f2KRyshs8tv1Bc1eiQTj1ruDZV7DMGos91qU4fd2Nkg:2Dl9QCBDc1e9j9uv7DMGoQ1Od

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9479fa237011acbbad230aaa5549c278_JaffaCakes118

Files

9479fa237011acbbad230aaa5549c278_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b83bc2bb3866fef14846e75ad688b690

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
LookupAccountSidA
CryptGetHashParam
RegCreateKeyExW
RegReplaceKeyW
RegDeleteValueA

kernel32

HeapFree
SetLastError
GetTimeFormatA
GetLongPathNameA
GetCommandLineW
FreeEnvironmentStringsA
VirtualFree
SetFilePointer
GetVersionExA
InterlockedExchange
EnumSystemLocalesA
SetEnvironmentVariableA
FreeLibrary
MultiByteToWideChar
SetStdHandle
GetCurrentProcess
GetACP
WriteFile
GetLocaleInfoA
SetUnhandledExceptionFilter
GetLocaleInfoW
HeapDestroy
WideCharToMultiByte
OutputDebugStringA
GetStartupInfoW
RaiseException
WriteConsoleW
GetStdHandle
IsValidLocale
SetConsoleCtrlHandler
MoveFileW
GetProcAddress
GetStringTypeW
InterlockedIncrement
GetSystemTimeAsFileTime
FlushFileBuffers
GetDateFormatA
TerminateProcess
LCMapStringW
WriteConsoleA
CreateMutexA
ReadFile
GetCurrentThreadId
OpenMutexA
GetCPInfo
CompareStringW
GetFileType
GetCurrentProcessId
GetProcessHeap
HeapAlloc
ExitProcess
GetCommandLineA
TlsSetValue
InterlockedDecrement
GetStringTypeA
IsBadReadPtr
TlsGetValue
GetEnvironmentStrings
CompareStringA
GetLastError
GetTickCount
IsValidCodePage
EnterCriticalSection
GetModuleHandleA
InitializeCriticalSection
VirtualQuery
IsDebuggerPresent
LoadLibraryW
TlsAlloc
VirtualAlloc
TlsFree
lstrcmpiW
CompareFileTime
WritePrivateProfileStringW
LeaveCriticalSection
DebugBreak
GetEnvironmentStringsW
GetModuleFileNameA
HeapValidate
lstrlenA
LockFile
GetModuleFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
GetOEMCP
LoadLibraryA
GetStartupInfoA
QueryPerformanceCounter
GetConsoleMode
DeleteCriticalSection
SetHandleCount
GetTimeZoneInformation
CreateFileA
CloseHandle
GetPrivateProfileSectionA
RtlUnwind
GetConsoleOutputCP
HeapReAlloc
HeapCreate
GetCurrentThread
FreeEnvironmentStringsW
OutputDebugStringW
LCMapStringA
GetConsoleCP

user32

GetClipboardViewer
RegisterClassA
InsertMenuItemW
DdeQueryNextServer
RegisterClassExA
GetClipCursor
CheckRadioButton
SetMenuContextHelpId
EnumDisplaySettingsW
SetScrollPos
SwitchToThisWindow
LoadAcceleratorsA
SetWindowPlacement
DeleteMenu
CreateDialogParamW
RemoveMenu

comctl32

InitCommonControlsEx

Sections

.text
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b83bc2bb3866fef14846e75ad688b690

Headers

File Characteristics

Imports

advapi32

kernel32

user32

comctl32

Sections

.text Size: 321KB - Virtual size: 321KB

.rdata Size: 46KB - Virtual size: 66KB

.data Size: 318KB - Virtual size: 317KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 321KB - Virtual size: 321KB

.rdata
Size: 46KB - Virtual size: 66KB

.data
Size: 318KB - Virtual size: 317KB

.rsrc
Size: 19KB - Virtual size: 18KB