a5e92f1abb352f8fcf86b73451a5b524_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a5e92f1abb352f8fcf86b73451a5b524_JaffaCakes118
Size

205KB
MD5

a5e92f1abb352f8fcf86b73451a5b524
SHA1

9c1d043da11f2f643faa16c0ddafcfef798dd0f7
SHA256

4442ce6416ec657469db4307400cee13f3d1ea7eadb8f8e45e1589e13b4e2aa7
SHA512

cc7807adede3089d05528bca49e3e1ddf76306dc396b6ee56e4ff88e3fc0844a2ac51687d3f5cb019f33cf19ab91efa689a8b6e20ae81c7cf4d98edd5aafc00e
SSDEEP

6144:89xNyUUIuaCKUEa90IpqhPHMsvWF/oHikZN:8BFUI134BqhPMs+FAdZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5e92f1abb352f8fcf86b73451a5b524_JaffaCakes118

Files

a5e92f1abb352f8fcf86b73451a5b524_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0ec301dae13c4e0caa9f4987c2735c73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

MonitorFromWindow
CharNextA
wsprintfW
CharNextW

shell32

CommandLineToArgvW

kernel32

DeleteCriticalSection
CreateFileMappingA
FormatMessageW
GetCurrentProcess
GetFileSize
DeleteFileW
InterlockedCompareExchange
InterlockedDecrement
CreateFiberEx
IsDebuggerPresent
GetFullPathNameA
SetLastError
GetModuleHandleW
CreateDirectoryA
HeapSize
EnterCriticalSection
InterlockedExchange
_llseek
SetEndOfFile
GetSystemTimeAsFileTime
MapViewOfFile
UpdateResourceW
SetFilePointer
GetProcessHeap
GetProcAddress
FindClose
GetLocaleInfoA
EscapeCommFunction
GlobalFree
LoadLibraryA
_lwrite
GetACP
GetFileAttributesA
FindFirstFileA
FindNextFileW
HeapReAlloc
SetUnhandledExceptionFilter
WideCharToMultiByte
lstrlenA
GetFullPathNameW
MultiByteToWideChar
LoadLibraryExW
GetVersion
FreeLibrary
GetTempFileNameW
GetCurrentThreadId
RaiseException
CloseHandle
GetVersionExA
GetVersionExW
InterlockedIncrement
GlobalLock
CopyFileW
DebugBreak
SetFileAttributesA
EnumResourceTypesW
HeapFree
CreateFileW
_lclose
RemoveDirectoryA
GetOEMCP
GetSystemDirectoryA
EnumResourceNamesA
HeapAlloc
GetLastError
FindNextFileA
CreateDirectoryW
Sleep
OutputDebugStringA
EnumResourceNamesW
FreeResource
GetTickCount
GetEnvironmentVariableA
MoveFileW
GetCurrentProcessId
BeginUpdateResourceW
CopyFileA
GetCommandLineW
ReadFile
UnmapViewOfFile
LockResource
GetFileAttributesW
EnumResourceLanguagesW
GlobalUnlock
FindResourceExW
GetThreadLocale
FindFirstFileW
WriteFile
EndUpdateResourceW
GetStringTypeExW
FatalExit
GetCurrentDirectoryW
GetFileInformationByHandle
lstrcmpiA
AreFileApisANSI
UnhandledExceptionFilter
_lread
RemoveDirectoryW
lstrlenW
TerminateProcess
HeapDestroy
LeaveCriticalSection
GlobalAlloc
DeleteFileA
InitializeCriticalSection
SetFileAttributesW
LoadLibraryExA
LoadResource
ExitProcess
SizeofResource
QueryPerformanceCounter
LocalFree
FindResourceW
GetTempPathW
CreateFileA
lstrcpyA

psapi

GetProcessMemoryInfo

advapi32

CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptDestroyHash

msvfw32

ICInfo

imagehlp

ImageGetDigestStream
ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ec301dae13c4e0caa9f4987c2735c73

Headers

File Characteristics

Imports

user32

shell32

kernel32

psapi

advapi32

msvfw32

imagehlp

Sections

.text Size: 173KB - Virtual size: 172KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 27KB - Virtual size: 26KB

.lib Size: 512B - Virtual size: 96KB

.text
Size: 173KB - Virtual size: 172KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 27KB - Virtual size: 26KB

.lib
Size: 512B - Virtual size: 96KB