a5890a13eb5b9342839209500ce61f01_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5890a13eb5b9342839209500ce61f01_JaffaCakes118
Size

1.9MB
MD5

a5890a13eb5b9342839209500ce61f01
SHA1

29c89ca3108f18de7968ccb3d5acbfc5baa170bb
SHA256

ebaa681eeee198ceaaa5de8795c9759cd3b17025e89150393e6d3cbe13f8ce13
SHA512

a6f296b80ba14ef9b568ea977f9a88cf024b3644deff2cb79ef391e7af3d14b4b61c6205acb48f4dfeeec91669d9e0b3cf0b15ed55843991336086c351293bd5
SSDEEP

49152:vSM+YyLlXVVK+CSHB71+P0Mh8L7rNeWcPALE8AdgZs:KrwO7MP0Mh8L72PAE8Ad1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5890a13eb5b9342839209500ce61f01_JaffaCakes118

Files

a5890a13eb5b9342839209500ce61f01_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7cac01592fd64b98b4e85bc05f55be27

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow

kernel32

GetLastError
GetModuleHandleA
LoadLibraryW
GetTickCount
GetSystemTimeAsFileTime
LocalFree
CreateThread
GetCurrentThreadId
GetModuleFileNameA
lstrlenA
ExitProcess
GetVersion
VirtualAlloc
GetCurrentProcess
GetCommandLineA
HeapAlloc
FreeLibrary
InitializeCriticalSection
VirtualFree
GetModuleFileNameA
CreateMutexA
GetCurrentProcess
GetConsoleOutputCP
DelayLoadFailureHook
ExitProcess
IsDebuggerPresent
ExpandEnvironmentStringsW
GetTempFileNameW
SetFileAttributesW
GetModuleHandleA
WaitForSingleObject
GetLastError
GetVersion
GetCommandLineA
VirtualFree
FindFirstFileA
VirtualAlloc
GlobalReAlloc
GetTickCount

gdi32

CreateFontIndirectA
GetTextExtentPointA
AngleArc
RectVisible
ExtCreateRegion
GetNearestColor
ExtTextOutW
CreateDCW
MoveToEx
AngleArc
SetWindowOrgEx
GetObjectW
GetTextMetricsW
CreatePalette
RestoreDC

version

GetFileVersionInfoA
VerQueryValueA

msvcrt

_controlfp
_wcsnicmp
wcslen
__CxxFrameHandler
__dllonexit
_vsnwprintf

advapi32

RegOpenKeyExW
RegCloseKey
OpenProcessToken
InitializeSecurityDescriptor
RegCreateKeyExW
RegEnumKeyExW
SetSecurityDescriptorDacl
RegQueryValueExA
RegQueryValueExW

ntdll

RtlRunEncodeUnicodeString
NtFreeVirtualMemory
RtlUnicodeToMultiByteN
RtlCreateAcl
RtlDeleteCriticalSection
NtCreateEvent
NtQueryDirectoryFile
NtWaitForSingleObject
RtlLookupElementGenericTable
NtQueryObject

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 811KB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 834KB - Virtual size: 836KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7cac01592fd64b98b4e85bc05f55be27

Headers

File Characteristics

Imports

user32

kernel32

gdi32

version

msvcrt

advapi32

ntdll

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 239KB - Virtual size: 241KB

.edata Size: 811KB - Virtual size: 6.1MB

.idata Size: 834KB - Virtual size: 836KB

.gdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 239KB - Virtual size: 241KB

.edata
Size: 811KB - Virtual size: 6.1MB

.idata
Size: 834KB - Virtual size: 836KB

.gdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 74KB - Virtual size: 74KB