Static task: static1
Behavioral task: behavioral1
  Sample: 9689f0719ea164e7123ce26c52fa3811_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 9689f0719ea164e7123ce26c52fa3811_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 9689f0719ea164e7123ce26c52fa3811_JaffaCakes118
Size: 194KB
MD5: 9689f0719ea164e7123ce26c52fa3811
SHA1: 0210a00e656c8fb3c8570034acd722b8072df169
SHA256: 8df5954ca251e075c9d296c9cf79d0901d47de1db1c3425f48501de265ccfb50
SHA512: 2a3c6e253670418216bc04153d4cbc73cebc9077e3b34ec2350425983307e98c51f850bb4ac00b37b3d537ef3ecfb52f13ec67562702f04db98d9824845b9afc
SSDEEP: 6144:y7Wfn/5aaP5wJsNqOs/cW9QJiJiRj47d8dHkY:oiEaxAbZkW9Uy/mdE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9689f0719ea164e7123ce26c52fa3811_JaffaCakes118
Files
9689f0719ea164e7123ce26c52fa3811_JaffaCakes118.exe windows:4 windows x86 arch:x86
228d22df98e537d72d0199d3123178c2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
Imports
imagehlp
ImageNtHeader
ImageGetDigestStream
ImageRvaToVa
ImageDirectoryEntryToData
kernel32
GetVersionExA
HeapAlloc
AreFileApisANSI
FindNextFileW
HeapSize
SetEndOfFile
SetFilePointer
EndUpdateResourceW
BeginUpdateResourceW
RaiseException
_lclose
GetTempFileNameW
LoadLibraryExA
_llseek
FormatMessageW
InterlockedExchange
GetOEMCP
LockResource
GetEnvironmentVariableA
FindFirstFileW
MultiByteToWideChar
CreateFiberEx
FindClose
WriteFile
DeleteFileA
SetFileAttributesA
TerminateProcess
LoadLibraryA
GetLastError
EscapeCommFunction
GetFileSize
CloseHandle
OutputDebugStringA
CopyFileA
SizeofResource
lstrlenW
EnumResourceLanguagesW
QueryPerformanceCounter
CreateFileMappingA
RemoveDirectoryW
GetFullPathNameW
DebugBreak
GlobalAlloc
HeapReAlloc
EnumResourceNamesW
FreeResource
lstrlenA
_lwrite
lstrcmpiA
UpdateResourceW
GetTempPathW
GetVersionExW
InterlockedDecrement
WideCharToMultiByte
EnumResourceTypesW
EnumResourceNamesA
LoadResource
GlobalUnlock
GetCurrentThreadId
InitializeCriticalSection
GetFileInformationByHandle
GetCurrentProcess
ReadFile
FindResourceW
FreeLibrary
DeleteCriticalSection
CreateDirectoryW
HeapDestroy
FindFirstFileA
GetStringTypeExW
GetFileAttributesW
SetFileAttributesW
GetCurrentDirectoryW
UnmapViewOfFile
SetUnhandledExceptionFilter
FatalExit
InterlockedIncrement
GetTickCount
MapViewOfFile
InterlockedCompareExchange
CreateFileW
GlobalLock
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryExW
SetLastError
GlobalFree
GetSystemTimeAsFileTime
GetThreadLocale
UnhandledExceptionFilter
ExitProcess
GetCommandLineW
MoveFileW
GetLocaleInfoA
HeapFree
_lread
GetFileAttributesA
GetSystemDirectoryA
FindNextFileA
GetFullPathNameA
GetACP
IsDebuggerPresent
CreateFileA
GetModuleHandleW
Sleep
LocalFree
LeaveCriticalSection
FindResourceExW
RemoveDirectoryA
DeleteFileW
EnterCriticalSection
GetCurrentProcessId
CreateDirectoryA
CopyFileW
lstrcpyA
shell32
CommandLineToArgvW
msvfw32
ICInfo
psapi
GetProcessMemoryInfo
user32
MonitorFromWindow
CharNextA
wsprintfW
CharNextW
advapi32
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptHashData
CryptReleaseContext
CryptDestroyHash
Sections
.text Size: 172KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.lib Size: 512B - Virtual size: 216KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ