ab1e76c9fbd7d1fbdfecf2473c6a7ea7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab1e76c9fbd7d1fbdfecf2473c6a7ea7_JaffaCakes118
Size

172KB
MD5

ab1e76c9fbd7d1fbdfecf2473c6a7ea7
SHA1

4b8e1e535c49ce6c04d36eb89abcec878a92c642
SHA256

5c06d4fd8c40f99824f3b15fac23998bcb3761318590c99a368a9af5133e7842
SHA512

b7f03389e69d22d759923f4ab124c8b65aa4b82f7e151e24dd4b4c985073f6ccc78b7f0165b4a16b924d8176144b5b8a569af041d8192e02c4a26066ea0d2653
SSDEEP

3072:VCF6f1P8S92LGWuko2kr+1GA20i2tU/z6qJP2Pqb6ot5PLLtK9jpduIvR:VCF6+tCJkop+0A/kBPiq5t5PLRK97bR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab1e76c9fbd7d1fbdfecf2473c6a7ea7_JaffaCakes118

Files

ab1e76c9fbd7d1fbdfecf2473c6a7ea7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cd568f8f388261cf266dc57d0045fa37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetClassLongA
MessageBoxW

shlwapi

SHDeleteKeyW

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoCreateGuid
CoInitialize
StringFromGUID2
CoCreateInstance
CoUninitialize
CoSetProxyBlanket

kernel32

HeapReAlloc
GetCurrentProcessId
HeapSize
GetFullPathNameW
GetCurrentDirectoryW
GetConsoleCP
RtlUnwind
GetThreadPriority
GetModuleHandleA
HeapAlloc
GetStringTypeA
SetHandleCount
LCMapStringW
GetSystemTimeAsFileTime
GetACP
VirtualAlloc
FreeEnvironmentStringsW
TerminateProcess
TlsFree
HeapCreate
WideCharToMultiByte
WriteConsoleA
Sleep
LeaveCriticalSection
GetLocaleInfoW
GetLastError
HeapFree
SetStdHandle
SetCommTimeouts
TlsGetValue
GetProcessHeap
IsDebuggerPresent
GetFileType
GetCurrentThreadId
WriteFile
EnumResourceNamesA
GetEnvironmentStrings
GetCPInfo
LCMapStringA
CreateFileA
QueryPerformanceCounter
DeleteCriticalSection
LoadLibraryA
GetCurrentProcess
GetProcAddress
GetStdHandle
ReadFile
GetStringTypeW
UnhandledExceptionFilter
GetTickCount
FreeEnvironmentStringsA
GetModuleFileNameA
GetConsoleOutputCP
ExitProcess
IsValidLocale
SetUnhandledExceptionFilter
GetVersionExA
VirtualFree
ExitProcess
SetFilePointer
SetEndOfFile
InitializeCriticalSection
WriteConsoleW
InterlockedIncrement
SetLastError
GlobalAlloc
CloseHandle
EnumSystemLocalesA
GetStartupInfoA
EnterCriticalSection
RaiseException
MultiByteToWideChar
FlushFileBuffers
GetEnvironmentStringsW
GetLocaleInfoA
GetCommandLineA
GetUserDefaultLCID
TlsAlloc
GetConsoleMode
GetModuleFileNameW
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsSetValue
HeapDestroy
GetFullPathNameA

rpcrt4

UuidCreate

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd568f8f388261cf266dc57d0045fa37

Headers

File Characteristics

Imports

user32

shlwapi

shell32

ole32

kernel32

rpcrt4

advapi32

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 17KB - Virtual size: 17KB

.crt Size: 512B - Virtual size: 68KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 17KB - Virtual size: 17KB

.crt
Size: 512B - Virtual size: 68KB