a268a2f4ee3fd787a53c2a50d80bad9c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a268a2f4ee3fd787a53c2a50d80bad9c_JaffaCakes118
Size

490KB
MD5

a268a2f4ee3fd787a53c2a50d80bad9c
SHA1

36565780b38e776dd76628b7227590e45b9fe857
SHA256

0a57a113065fb3109494822460e8b77ffbd36a61086f2184927d7b4f0fc0389e
SHA512

f814c1674c805a0c156aa3e5a1741fd82d6f2f89f71d3bc9e710cef4b88b1df0fd1921f83d8f63b4664411f90fc01b4d84d34950c0b116f8a67d20594208a9d3
SSDEEP

12288:6FT9xsp60OjH0lA5V2B4zEFQ15HA7S9dwZGI:6FT9xss0Oj63m1kS9+ZG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a268a2f4ee3fd787a53c2a50d80bad9c_JaffaCakes118

Files

a268a2f4ee3fd787a53c2a50d80bad9c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExA

kernel32

GetProcessHeap
Sleep
GetFileAttributesA
GetModuleHandleA
DeleteFileA
WriteFile
lstrcpyA
lstrlenA
WaitForSingleObject
SleepEx
OpenProcess
GetExitCodeProcess
CreateProcessA
TerminateProcess
CreateDirectoryA
lstrcmpiA
GetModuleFileNameA
GetFileSize
SetFilePointer
ReadFile
LoadLibraryExA
GetComputerNameA
GetVolumeInformationA
LocalFree
GetLocalTime
GetVersionExA
MoveFileExA
lstrcatA
GetFullPathNameA
DosDateTimeToFileTime
HeapFree
GetFileTime
LocalFileTimeToFileTime
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
IsValidCodePage
GetOEMCP
GetACP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapSize
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
OpenMutexA
HeapAlloc
CreateFileA
OpenFileMappingA
CloseHandle
CreateToolhelp32Snapshot
CreateFileMappingA
Process32Next
LoadLibraryA
GetProcAddress
GetLastError
WideCharToMultiByte
ExpandEnvironmentStringsA
Process32First
InterlockedDecrement
GetCPInfo
FreeLibrary
lstrcpynA
MapViewOfFile
LCMapStringA
SetFileTime
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
GetStdHandle
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
ExitProcess
GetFileType
GetConsoleCP
GetConsoleMode
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TlsGetValue
LCMapStringW

user32

FindWindowA
IsWindow
SendMessageA
EndPaint
GetMessageA
GetClassNameA
RegisterClassExA
GetWindowThreadProcessId
LoadStringA
BeginPaint
TranslateMessage
CreateWindowExA
TranslateAcceleratorA
PostQuitMessage
DefWindowProcA
LoadAcceleratorsA
ShowWindow
DispatchMessageA
IsWindowVisible
UpdateWindow
EnumWindows

advapi32

ConvertSidToStringSidA
LookupAccountNameA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
OpenServiceA

shell32

SHGetFolderPathA

oleaut32

VariantClear

shlwapi

PathFileExistsA
StrStrIA
wnsprintfA
StrToIntA
StrChrA
SHDeleteKeyA
StrNCatA

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0d375919b6dc807a3306cfede605ded

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

advapi32

shell32

oleaut32

shlwapi

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 15KB - Virtual size: 25KB

.cdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 306KB - Virtual size: 305KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 15KB - Virtual size: 25KB

.cdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 306KB - Virtual size: 305KB

.reloc
Size: 10KB - Virtual size: 10KB