afdb2710d6c4ced1a387894562846856_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

afdb2710d6c4ced1a387894562846856_JaffaCakes118
Size

174KB
MD5

afdb2710d6c4ced1a387894562846856
SHA1

00d742ed7c3a0267c5979fa96bfc9246e9b60e2c
SHA256

39cbfce7a4b09076ac0e368e2cadf79696a966db29934477d9818bacf1d4b629
SHA512

8f1cfb23125a3bf3a69ebfe47c4399ccd6e949d8cefd23462b11fb734756089bf98b25f4b52e412b6f9a23da025234ce40aeb9b94d6af3bccc4fec7c7d31e1a0
SSDEEP

3072:YLzlW0dEzC2dmXqzVt+Y5cRktgtAostUJ+Vw5b2wHz:YNW0dEztgXmVtB5cRwgVmg+My

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afdb2710d6c4ced1a387894562846856_JaffaCakes118

Files

afdb2710d6c4ced1a387894562846856_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37a479514ffdc283b9bc584621bbc27e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExW
DecryptFileW
RegQueryInfoKeyW
RegEnumValueW
EncryptFileW
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoGetDefaultContext
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

shlwapi

StrDupW
PathGetArgsW
SHRegGetValueW
PathSkipRootW
PathIsUNCW
PathFindFileNameW

kernel32

LocalAlloc
GetCalendarInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SearchPathW
OutputDebugStringW
OpenProcess
FindFirstFileW
MapViewOfFile
GetCurrentThreadId
SetFileAttributesW
GetProcessId
SetLastError
VirtualQuery
UnhandledExceptionFilter
InterlockedCompareExchange
FreeLibrary
GetLogicalDriveStringsW
GetModuleHandleA
SetUnhandledExceptionFilter
ExitProcess
UnmapViewOfFile
WideCharToMultiByte
IsWow64Process
GetProcAddress
GetFileAttributesW
QueryDosDeviceW
GetModuleFileNameW
EncodePointer
LoadLibraryW
GetCurrentProcess
EnumResourceNamesA
OutputDebugStringA
GetCurrentDirectoryW
MultiByteToWideChar
GetModuleHandleW
ReleaseMutex
CreateDirectoryW
InterlockedExchange
InitializeCriticalSection
FindNextFileW
SetEnvironmentVariableW
GetFileSizeEx
WaitForSingleObject
lstrcmpiW
lstrlenW
GetTickCount
EnterCriticalSection
GetLastError
VirtualProtect
LocalFree
Sleep
FindClose
DuplicateHandle
CreateFileMappingW
GetFileInformationByHandle
CreateMutexW

gdiplus

GdipGetImageWidth
GdipDisposeImage

user32

GetWindowThreadProcessId
GetPropW
GetGUIThreadInfo
GetClassNameW
AllowSetForegroundWindow
GetForegroundWindow

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37a479514ffdc283b9bc584621bbc27e

Headers

File Characteristics

Imports

advapi32

ole32

shlwapi

kernel32

gdiplus

user32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 69KB - Virtual size: 68KB

.edata Size: 1024B - Virtual size: 96KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 69KB - Virtual size: 68KB

.edata
Size: 1024B - Virtual size: 96KB