a3bf8d486c59790167a8d19f5e68ba53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3bf8d486c59790167a8d19f5e68ba53_JaffaCakes118
Size

316KB
MD5

a3bf8d486c59790167a8d19f5e68ba53
SHA1

7e567ed5797aea559471cf736d14e3561d4476c2
SHA256

c25ba627098e471ec2db8aeb7daaef6dab2c604e9254738e87a65d853fbf56c9
SHA512

9e1d1818b591aff04611650c2faeb5d17985e2303b60ac67dd48b4dbb38595eef3e234f248897fa2dd5e16d398f66606c4ca70fa5dffb3d030e19fbaf172535e
SSDEEP

6144:C0Lnnjs+xYAQCUmF+mkztcKjjsBwOcytPZSnApLSXHK6:CijyTC+mkxHsKQtBSApLSXx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3bf8d486c59790167a8d19f5e68ba53_JaffaCakes118

Files

a3bf8d486c59790167a8d19f5e68ba53_JaffaCakes118
.exe windows:5 windows x86 arch:x86

63c8ca527c6242b5971cc787a7513036

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
lstrcatA
FindAtomA
GetTempFileNameA
lstrcmpA
GetTempPathA
lstrlenA
GetLastError
ExitProcess
VirtualAlloc
GlobalAlloc
FreeLibrary
LoadLibraryA
VirtualQueryEx
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
GetCurrentThreadId
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapAlloc
IsValidCodePage
lstrcpyA
OpenProcess
GetModuleHandleA
ResumeThread
GetProcAddress
GetCommandLineA
GetStartupInfoA
RtlUnwind
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP

user32

GetCursorPos
EqualRect
InflateRect
IsWindowVisible
ClientToScreen
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
wsprintfA
FindWindowA
GetWindowThreadProcessId
GetFocus
CloseDesktop
GetWindowRect

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA

gdi32

GetBkMode
GetBkColor

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63c8ca527c6242b5971cc787a7513036

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

advapi32

gdi32

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 267KB - Virtual size: 270KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 267KB - Virtual size: 270KB