Static task
static1
Behavioral task
behavioral1
Sample
a05cf9a1e83e58418957c6981c79a142_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a05cf9a1e83e58418957c6981c79a142_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a05cf9a1e83e58418957c6981c79a142_JaffaCakes118
Size
426KB
MD5
a05cf9a1e83e58418957c6981c79a142
SHA1
8151297de5b913262fc8d93d26e1e0a3f63026c1
SHA256
27146fd9ea3a8a0ed5e55f8227c56281ec608a4cd2b5fb629f377ce722a32e2e
SHA512
6b97406bfc7dd353a658d68aff9595034b4aed55f6bb5ec399668108cb8cb633cc40389b9144043675590a5026ef43d9bc89a5890fa99e8ddca81f55cc56086f
SSDEEP
12288:mcowOKPEEWYe55MwmtZwE02bC44OUlkCVxQ:m/GPjg+wm4E02bF4OUOCo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a05cf9a1e83e58418957c6981c79a142_JaffaCakes118
Files
a05cf9a1e83e58418957c6981c79a142_JaffaCakes118.exe windows:4 windows x86 arch:x86
852f360c897893db58de892a051e019b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LookupPrivilegeDisplayNameA
CryptSetProviderW
CryptGetKeyParam
CryptEncrypt
CryptDeriveKey
CryptDestroyKey
shell32
SheSetCurDrive
ExtractIconExA
DragAcceptFiles
DuplicateIcon
ShellExecuteExA
SHGetPathFromIDList
SHEmptyRecycleBinA
ShellAboutW
SHFileOperationW
SHQueryRecycleBinA
ShellExecuteW
SheChangeDirExW
SHGetDataFromIDListA
SHBrowseForFolderW
InternalExtractIconListW
ExtractIconW
SHInvokePrinterCommandW
SHGetDesktopFolder
ExtractAssociatedIconW
ShellAboutA
ExtractAssociatedIconExW
ShellExecuteEx
user32
DdeSetUserHandle
gdi32
MaskBlt
PathToRegion
GetRandomRgn
CreateEnhMetaFileA
CreateDCA
SetMapMode
StartDocW
GetEnhMetaFileBits
GetViewportOrgEx
kernel32
GetOEMCP
LeaveCriticalSection
GetAtomNameA
VirtualFree
MultiByteToWideChar
GetLastError
GetStringTypeA
GetTimeFormatA
GetSystemTimeAsFileTime
SetLastError
GetCPInfo
GlobalAddAtomW
FreeLibrary
CompareStringA
EnumSystemLocalesA
WideCharToMultiByte
GetTickCount
InterlockedDecrement
IsValidCodePage
SetEnvironmentVariableA
GetCurrentThread
GetCommandLineA
CreateNamedPipeA
TlsSetValue
HeapFree
GetModuleFileNameA
TlsGetValue
GetPrivateProfileStringW
GetModuleHandleA
HeapCreate
VirtualQuery
GetModuleHandleW
HeapAlloc
HeapLock
GetCalendarInfoW
CompareStringW
IsValidLocale
SetUnhandledExceptionFilter
GetVolumeInformationA
UnhandledExceptionFilter
HeapDestroy
Sleep
GetModuleFileNameW
InterlockedExchange
LoadLibraryA
TlsFree
HeapValidate
InterlockedIncrement
LCMapStringW
OpenMutexW
GetDiskFreeSpaceW
HeapReAlloc
GetProcAddress
FreeEnvironmentStringsW
GetStdHandle
GetDateFormatA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetACP
VirtualAlloc
GetEnvironmentStringsW
IsDebuggerPresent
LocalAlloc
SetConsoleCP
WriteFile
TlsAlloc
QueryPerformanceCounter
EnterCriticalSection
RtlUnwind
GetTimeZoneInformation
GetCurrencyFormatW
GetFileType
SetStdHandle
HeapSize
DeleteCriticalSection
GetStringTypeW
GetCurrentProcessId
GetCurrentProcess
WriteProfileStringW
GetStartupInfoA
SetConsoleCtrlHandler
LCMapStringA
GetCommandLineW
GetStartupInfoW
SetHandleCount
GetLocaleInfoA
ExitProcess
TerminateProcess
GetCurrentThreadId
wininet
DeleteUrlCacheContainerW
InternetGetConnectedStateExA
InternetGetLastResponseInfoA
HttpOpenRequestA
Sections
.text Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 278KB - Virtual size: 289KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ