a19fdf17f648388c26b301d17cf9cf93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a19fdf17f648388c26b301d17cf9cf93_JaffaCakes118
Size

2.4MB
MD5

a19fdf17f648388c26b301d17cf9cf93
SHA1

07b6db1e2938b240e70927f2f84af8fff7e45bf6
SHA256

b69897d8e5a699c6c065a528269f79e089b0aa6c96e916e320ad65fa08f993ed
SHA512

9dae5ed460123331f00c39ad87e142873dc45fae3fec5f5fcbfb2187fa591272ae2bcb45bfcc732108b8f73981ffa19ac844e5a127a37a4d404bad22ca400e31
SSDEEP

24576:CUoxUBknMJtcXP3bTystl08xA2BzEah9AN3ocAFdFqgKkO0BqjaXfuL:CtxUJY2RMgIOP2dcgKkO0BjXfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a19fdf17f648388c26b301d17cf9cf93_JaffaCakes118

Files

a19fdf17f648388c26b301d17cf9cf93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d1a5d4bdcab646aeb47f9034d4d6ce08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetConnectionW
WNetGetLastErrorW

shell32

ShellExecuteExW

kernel32

SetUnhandledExceptionFilter
MultiByteToWideChar
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
GetProcAddress
GetVersion
LocalAlloc
VirtualAlloc
GetCurrentProcess
GetCurrentThreadId
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
SetFilePointer
CloseHandle
SystemTimeToFileTime
TlsAlloc
CreateEventW
GetModuleHandleW
CreateProcessW
GetStartupInfoW
FindResourceW
CreateDirectoryW
QueryPerformanceCounter
LCMapStringW
GetLocaleInfoW
HeapSize
WideCharToMultiByte
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
Sleep
HeapFree
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
GetCommandLineW
HeapSetInformation
GetStringTypeW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EncodePointer
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

oleaut32

LoadTypeLi
VarNeg
VarBstrFromCy
VarDateFromStr
VarR8FromStr
RegisterTypeLi
VariantInit
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayRedim
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
VariantCopy

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eg9pl8
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1a5d4bdcab646aeb47f9034d4d6ce08

Headers

File Characteristics

Imports

mpr

shell32

kernel32

oleaut32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 64.7MB

.eg9pl8 Size: 369KB - Virtual size: 368KB

.rsrc Size: 367KB - Virtual size: 367KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 64.7MB

.eg9pl8
Size: 369KB - Virtual size: 368KB

.rsrc
Size: 367KB - Virtual size: 367KB