a85290eb2362402c91d3b3e9bebebd70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a85290eb2362402c91d3b3e9bebebd70_JaffaCakes118
Size

125KB
MD5

a85290eb2362402c91d3b3e9bebebd70
SHA1

9227a67e10bf8a02c1166924464880a517fbab9e
SHA256

eefff89c440ac0f669164bd8bd5b662a68191e693be4c23da2b910becee68fa6
SHA512

9afd9ec0708ac339bdbbdeb8929f207af12e0362dc81f545a110f0d6ed0a99ad3daaa3ff3c7ccdfa0f497aafe113c32e1e03e7ec3d7c273b052e9f9744a6ce04
SSDEEP

3072:LchxIUNZuK7h6mLMc4iVibQ/TX16VQqaUmH8nZF:LchxIU7P7hH46t/TX16VNUUZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a85290eb2362402c91d3b3e9bebebd70_JaffaCakes118

Files

a85290eb2362402c91d3b3e9bebebd70_JaffaCakes118
.exe windows:1 windows x86 arch:x86

ae828f1be0be5a868da3c1ba17c8e02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueA

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetACP
GetCPInfo
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetEnvironmentStrings
GetExitCodeProcess
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LocalAlloc
LocalFree
MoveFileA
MultiByteToWideChar
OpenProcess
RaiseException
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WideCharToMultiByte
WriteFile
lstrcatA

user32

EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sbljmtf
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae828f1be0be5a868da3c1ba17c8e02a

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 11KB - Virtual size: 28KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

.reloc Size: 31KB - Virtual size: 32KB

sbljmtf Size: 32KB - Virtual size: 33KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 11KB - Virtual size: 28KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.reloc
Size: 31KB - Virtual size: 32KB

sbljmtf
Size: 32KB - Virtual size: 33KB