ad868b4674e89a0f7a095ead82abfb82_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad868b4674e89a0f7a095ead82abfb82_JaffaCakes118
Size

521KB
MD5

ad868b4674e89a0f7a095ead82abfb82
SHA1

9899d3945acdc7d01d74b135cad273bcd8a3f381
SHA256

155018312ee55de1d9fda03557d86a4116a7dc8254ad3763ff5afb8fc250e607
SHA512

afc1b647118a882bd10631c1107c3e80fb9cfda1a5089785d5b6b3b47de7f45e4927af3d8def9be58bc7ed50fa39fdc7b96ea003abb13c66a8ea111e26cd5b13
SSDEEP

12288:Lvuc+BaGR9LAEu4qo2XcR3NweBGDeHSAbFBOcJw:L2oGRdAEuXnMRNQeZR0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad868b4674e89a0f7a095ead82abfb82_JaffaCakes118

Files

ad868b4674e89a0f7a095ead82abfb82_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab9d8ed85d59d2fc0a7b588d6e2fca8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetFileTitleA
GetOpenFileNameW
ReplaceTextA

advapi32

RegDeleteValueW
LookupAccountSidA
RegConnectRegistryW
RegCreateKeyExW
RegReplaceKeyW
GetUserNameA
RegLoadKeyA
CryptSetHashParam
LookupAccountSidW
CryptEncrypt
LookupAccountNameW
CryptExportKey
RevertToSelf
StartServiceW

user32

SetWindowLongA
GetAncestor
DdeAccessData
SetCursor
SetCaretBlinkTime
RegisterDeviceNotificationA
SendDlgItemMessageW
RegisterClassA
DdeDisconnectList
DrawIconEx
ActivateKeyboardLayout
MessageBoxExW
RegisterClassExA

comctl32

InitCommonControlsEx

kernel32

GetCurrentThreadId
SetHandleCount
FreeEnvironmentStringsW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
WriteConsoleA
CompareStringA
InterlockedIncrement
GetLocaleInfoA
TlsFree
GetSystemTimeAsFileTime
HeapReAlloc
IsDebuggerPresent
CompareStringW
GetStringTypeW
SetUnhandledExceptionFilter
SetLastError
SetConsoleCtrlHandler
GetCommandLineW
CloseHandle
EnterCriticalSection
GetCurrentProcessId
EnumSystemLocalesA
SetFilePointer
GetStartupInfoW
QueryPerformanceCounter
SetStdHandle
LeaveCriticalSection
GetTimeZoneInformation
TlsAlloc
GetCurrentProcess
GetConsoleOutputCP
TlsSetValue
ReadFile
GetCPInfo
VirtualAlloc
LoadLibraryA
GetProcAddress
LCMapStringA
DeleteCriticalSection
LCMapStringW
GetEnvironmentStringsW
HeapDestroy
UnhandledExceptionFilter
GetConsoleMode
GetACP
InterlockedDecrement
FreeLibrary
HeapFree
VirtualFree
GetStartupInfoA
GetTickCount
IsValidCodePage
RtlUnwind
SetEnvironmentVariableA
MultiByteToWideChar
OpenMutexA
ExitProcess
CreateMutexA
GetLocaleInfoW
EnumSystemCodePagesA
GetFileType
Sleep
FlushFileBuffers
WideCharToMultiByte
GetStringTypeExA
IsValidLocale
TlsGetValue
GetProfileStringA
TerminateProcess
WriteConsoleW
HeapSize
GetConsoleCP
VirtualQuery
GetStdHandle
CreateFileA
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
GetStringTypeA
InterlockedExchange
HeapAlloc
GetOEMCP
GlobalCompact
GetDateFormatA
WriteFile
HeapCreate
SleepEx
GetUserDefaultLCID
GetLastError
GetModuleHandleW
GetCurrentThread
GetTimeFormatA

Sections

.text
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab9d8ed85d59d2fc0a7b588d6e2fca8c

Headers

File Characteristics

Imports

comdlg32

advapi32

user32

comctl32

kernel32

Sections

.text Size: 184KB - Virtual size: 184KB

.rdata Size: 10KB - Virtual size: 35KB

.data Size: 315KB - Virtual size: 314KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 184KB - Virtual size: 184KB

.rdata
Size: 10KB - Virtual size: 35KB

.data
Size: 315KB - Virtual size: 314KB

.rsrc
Size: 10KB - Virtual size: 10KB