af8e6bb375bf953d8a751455d5b9778a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af8e6bb375bf953d8a751455d5b9778a_JaffaCakes118
Size

499KB
MD5

af8e6bb375bf953d8a751455d5b9778a
SHA1

62e9e938e27976d61267a3cc2ff6b3f3ead5bae2
SHA256

d143b3db04ce57738df2004d5284f378cd2e4764cd6462c278578a42218ec4d9
SHA512

fec15e7ac3e751cdfa2b68dc10375579c32f1ae9fba1f2364e601e7dd5f4de2343e5917518b81d007451e52abe1d4490766db8117fa37afab195badeb6d2cbf6
SSDEEP

12288:LxLL0FUzweOnRYRygYlDSHXlR/D4ZSpBY:Li+8eRygC8lR/kQY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8e6bb375bf953d8a751455d5b9778a_JaffaCakes118

Files

af8e6bb375bf953d8a751455d5b9778a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f340833b3341024903db61e609682302

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
WaitForSingleObjectEx
GlobalFlags
IsValidCodePage
GetNamedPipeHandleStateA
EnumDateFormatsExA
UnhandledExceptionFilter
GetCurrentThread
GetVersionExA
InitializeCriticalSection
GetCurrentProcessId
GetVolumeInformationW
GetPrivateProfileSectionNamesW
GetSystemDefaultLCID
IsValidLocale
GetTimeZoneInformation
GetCommandLineW
VirtualAlloc
GetLocaleInfoW
GetMailslotInfo
VirtualFree
InterlockedExchange
GetLastError
GetModuleFileNameA
UnmapViewOfFile
GetFileType
SetConsoleMode
GetUserDefaultLCID
TlsSetValue
IsBadWritePtr
GetCPInfo
HeapAlloc
SetEnvironmentVariableA
GetStringTypeW
DebugBreak
LocalUnlock
GetTimeFormatA
GetModuleHandleA
GetDateFormatA
GlobalAlloc
GetACP
ExitProcess
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
TlsAlloc
LeaveCriticalSection
FreeEnvironmentStringsW
CompareStringW
GetStdHandle
HeapFree
QueryPerformanceCounter
SetLastError
GetModuleFileNameW
TerminateProcess
OpenMutexA
CloseHandle
GetProcAddress
SetHandleCount
CreateMutexA
EnumSystemLocalesA
CompareStringA
FlushFileBuffers
LCMapStringA
HeapSize
VirtualProtect
DeleteCriticalSection
GetEnvironmentStrings
WriteFile
GetStartupInfoW
WideCharToMultiByte
LCMapStringW
GetCommandLineA
TlsGetValue
SetFilePointer
HeapValidate
GetStartupInfoA
GetCurrentProcess
EnterCriticalSection
OpenWaitableTimerW
TlsFree
GetLocaleInfoA
SetStdHandle
GetOEMCP
MultiByteToWideChar
lstrcmpi
HeapReAlloc
HeapDestroy
GetSystemInfo
RtlUnwind
GetEnvironmentStringsW
GetStringTypeA
CreateFileA
GetCurrentThreadId
VirtualQuery
HeapCreate
ReadFile
RemoveDirectoryW
GetTickCount

wininet

InternetGetConnectedStateEx
InternetSetOptionW

comdlg32

FindTextW
GetFileTitleA
ChooseFontW

comctl32

InitCommonControlsEx

shell32

SHGetDataFromIDListW
ExtractIconW
SHGetFileInfoA

user32

UnpackDDElParam
SetCapture
DrawIcon
RegisterClassA
EnumDisplayDevicesA
GetMenuState
RegisterClassExA
TranslateAccelerator
GetComboBoxInfo
EnumDisplaySettingsExA
GetKeyNameTextA
RealGetWindowClass
DestroyCaret
TrackPopupMenuEx
TranslateMessage
GetKeyboardLayoutNameA
IsWindowEnabled
BroadcastSystemMessageW
SetWindowContextHelpId
BeginDeferWindowPos
OpenIcon
GetListBoxInfo
GetGuiResources

Sections

.text
Size: 309KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f340833b3341024903db61e609682302

Headers

File Characteristics

Imports

kernel32

wininet

comdlg32

comctl32

shell32

user32

Sections

.text Size: 309KB - Virtual size: 308KB

.rdata Size: 63KB - Virtual size: 74KB

.data Size: 114KB - Virtual size: 113KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 309KB - Virtual size: 308KB

.rdata
Size: 63KB - Virtual size: 74KB

.data
Size: 114KB - Virtual size: 113KB

.rsrc
Size: 12KB - Virtual size: 11KB