Static task: static1
Behavioral task: behavioral1
Sample: aff94c3d297b8f53d44563e5a3b6e8f1_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: aff94c3d297b8f53d44563e5a3b6e8f1_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: aff94c3d297b8f53d44563e5a3b6e8f1_JaffaCakes118
Size: 393KB
MD5: aff94c3d297b8f53d44563e5a3b6e8f1
SHA1: 48c5adfc818d6e4f3dde004c3a28e596911933eb
SHA256: 71fa18de0d0e6a33cbcbc8eb09d901bfd79f9e28505cf65c9b435004d840e945
SHA512: 6832bf92957df244c7d20b4e91c22b97e2bd61d0df3750036a786cb32d637128cb02db3edaa19c5589ed17a7dc899989abfbd0fbc8557380195d930fd93806db
SSDEEP: 12288:K7aDHJSh8YNSMYmIlzuP6XhTk4vT885IlSh8dP:unhFXYTxzXGTIh4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aff94c3d297b8f53d44563e5a3b6e8f1_JaffaCakes118
Files
aff94c3d297b8f53d44563e5a3b6e8f1_JaffaCakes118.exe windows:4 windows x86 arch:x86
5f562abbff4ce22c6d20dcf996729db2
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
DestroyIcon
DefMDIChildProcA
GetCursorPos
SetScrollPos
SetWinEventHook
CloseWindow
IsDialogMessage
CallNextHookEx
DdeCmpStringHandles
SendNotifyMessageW
TranslateAcceleratorW
ToUnicodeEx
BeginDeferWindowPos
GetKBCodePage
shell32
SHFormatDrive
SHGetSettings
ShellExecuteExA
SHAddToRecentDocs
FreeIconList
kernel32
GetModuleHandleA
LeaveCriticalSection
SetHandleCount
GetEnvironmentStrings
UnhandledExceptionFilter
GetUserDefaultLangID
QueryPerformanceCounter
GetVersion
ReadConsoleInputA
GetModuleFileNameW
GetTickCount
TlsGetValue
HeapFree
GetFullPathNameW
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
GetStartupInfoA
GetStdHandle
HeapReAlloc
GetLastError
TlsAlloc
TerminateProcess
RtlUnwind
GetStartupInfoW
ExitProcess
IsBadWritePtr
GetProcAddress
HeapCreate
VirtualQuery
GetThreadLocale
GetCommandLineA
DeleteCriticalSection
GetFileType
VirtualFree
HeapAlloc
TlsSetValue
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
LoadLibraryA
GetModuleFileNameA
HeapDestroy
EnumResourceLanguagesA
WriteFile
GetCurrentThreadId
TlsFree
SetLastError
SetCurrentDirectoryA
GetCurrentThread
GetCommandLineW
InitializeCriticalSection
InterlockedExchange
MultiByteToWideChar
advapi32
CryptSetProviderW
LookupSecurityDescriptorPartsW
DuplicateToken
RegSetValueA
LookupAccountSidW
RegSetValueW
RegReplaceKeyA
RegCreateKeyExW
RegOpenKeyW
CryptSignHashA
LookupPrivilegeNameA
CryptReleaseContext
RegSaveKeyA
CryptHashData
CryptGetProvParam
RegCreateKeyExA
GetUserNameW
comdlg32
PageSetupDlgW
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 276KB - Virtual size: 275KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ