a8f910ef38cd54758a1747ee2e1a3e5a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8f910ef38cd54758a1747ee2e1a3e5a_JaffaCakes118
Size

444KB
MD5

a8f910ef38cd54758a1747ee2e1a3e5a
SHA1

074158a0d8b3d19326463b4ea6061a7fbe36d03c
SHA256

424406d05dc8085ae681eb244ee825debb3e933126be36e1d54d71fc0c395bd5
SHA512

7fe3d7b3d868dc7eca5bf993cdad84fcffb935a56ff929f5581bbb31ae66b5f8ee82cfe5024f16d27b12a7c7b81f9079f8519f696aa8d6c7bcab3f5171abba93
SSDEEP

6144:cbhBeI3ArRGRtwlmRusAWIKk8I7xVu1Mu0vxT++O/fI/H/uDNjVvAzHvtmOn+47x:cje2aIRusAlXO0T9/usvcbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8f910ef38cd54758a1747ee2e1a3e5a_JaffaCakes118

Files

a8f910ef38cd54758a1747ee2e1a3e5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3606390f5eaca97f5bc4c7927d278bb0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
GetLastError
GetMailslotInfo
UnlockFile
GetCommandLineW
WaitForMultipleObjectsEx
HeapAlloc
SetLastError
IsValidLocale
HeapCreate
LeaveCriticalSection
UnhandledExceptionFilter
CreateDirectoryA
CloseHandle
TlsSetValue
IsValidCodePage
TlsFree
GetEnvironmentStrings
GetEnvironmentStringsW
WriteConsoleOutputCharacterW
InterlockedDecrement
EnterCriticalSection
GetFileType
EnumSystemLocalesA
FindResourceExA
GetModuleFileNameW
LCMapStringW
GetDateFormatA
GetProcAddress
CreateDirectoryExW
GetCurrentThread
SetEnvironmentVariableA
GlobalGetAtomNameW
DeleteCriticalSection
GetOEMCP
GetProcessHeap
VirtualQuery
GetVersionExA
SetConsoleCtrlHandler
HeapSize
ReadConsoleOutputCharacterW
GetStartupInfoW
LCMapStringA
GetCommandLineA
HeapReAlloc
GetUserDefaultLCID
ExitProcess
lstrcpynA
WideCharToMultiByte
VirtualAlloc
SetHandleCount
QueryPerformanceCounter
GetCurrentProcess
GetStringTypeW
GetModuleHandleA
FreeLibrary
GetStdHandle
GetStringTypeA
GetCurrentThreadId
InitializeCriticalSection
Sleep
CompareStringW
GetACP
GetCurrentProcessId
TlsGetValue
GetTimeFormatA
CompareStringA
ReadConsoleW
GetTickCount
GetLocaleInfoW
VirtualLock
FreeEnvironmentStringsW
InterlockedIncrement
HeapDestroy
RtlUnwind
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
WriteFile
GetTimeZoneInformation
GetPrivateProfileSectionW
WaitForSingleObject
GetCPInfo
TlsAlloc
GetLocaleInfoA
GetStartupInfoA
HeapFree
TerminateProcess
LoadLibraryA
GetSystemTimeAdjustment
MultiByteToWideChar
VirtualFree
GetFileAttributesExA
GetModuleFileNameA
IsDebuggerPresent
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
MapViewOfFileEx
InterlockedExchange

comdlg32

GetSaveFileNameA
ChooseColorW
GetFileTitleW
ChooseFontA
GetFileTitleA
PrintDlgW
ChooseFontW
PrintDlgA
GetSaveFileNameW
GetOpenFileNameW
FindTextA
LoadAlterBitmap

advapi32

RegQueryValueA
CryptDecrypt
CryptSignHashW
CryptCreateHash
CryptDestroyKey
LookupAccountNameW
CryptGetUserKey
InitiateSystemShutdownW

wininet

GopherCreateLocatorW
UpdateUrlCacheContentPath
IsUrlCacheEntryExpiredA
GetUrlCacheConfigInfoA
FreeUrlCacheSpaceA
HttpSendRequestW
UnlockUrlCacheEntryStream
InternetOpenW
FtpRenameFileW
FreeUrlCacheSpaceW
GopherOpenFileW
LoadUrlCacheContent

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3606390f5eaca97f5bc4c7927d278bb0

Headers

File Characteristics

Imports

kernel32

comdlg32

advapi32

wininet

Sections

.text Size: 153KB - Virtual size: 153KB

.data Size: 277KB - Virtual size: 295KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 153KB - Virtual size: 153KB

.data
Size: 277KB - Virtual size: 295KB

.rsrc
Size: 13KB - Virtual size: 12KB