b1f297f5036b487194fa947474790f7f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1f297f5036b487194fa947474790f7f_JaffaCakes118
Size

309KB
MD5

b1f297f5036b487194fa947474790f7f
SHA1

6c38db73baf4257abc04d888226e2918b73959fd
SHA256

d614a0103868e2fe4af92762853d00f48419d094fd9372fa8fd71a6b31b1198a
SHA512

0919c610c0fe53b0c8e4b26eac94b0e1f60528c1d6a8c8075fc21643298454faa53044bc848ee595b51157f0236c530d54102623ed023a817a9ad21e2016dbf6
SSDEEP

6144:qEPFTn+mftDCiby+HUyAw0zo0naGCzo0naG6zo0naGtzo0naG8zo0naGbzo0naG8:tbZAHPaGCPaG6PaGtPaG8PaGbPaG8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1f297f5036b487194fa947474790f7f_JaffaCakes118

Files

b1f297f5036b487194fa947474790f7f_JaffaCakes118
.exe windows:1 windows x86 arch:x86

3826f785c6afaf1ff7498e761f4085a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
RtlUnwind
UnhandledExceptionFilter
GetModuleFileNameA
GetLocalTime
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetVersion
WinExec
GetCommandLineA
GetLastError
GetTimeZoneInformation
WideCharToMultiByte
GetProcAddress
MultiByteToWideChar
SetEnvironmentVariableA
GetCurrentThreadId
lstrlenA
GetEnvironmentStrings
GetStartupInfoA
GetModuleHandleA
GetFileType
VirtualFree
GetPrivateProfileStringA
VirtualAlloc

user32

MessageBoxA
wsprintfA
GetSystemMetrics
ShowWindow
SetActiveWindow
GetDC

winmm

sndPlaySoundA
waveOutGetNumDevs

gdi32

GetDeviceCaps

tl221mn

ord47
ord245
ord236
ord232
ord57
ord69
ord127
ord146
ord174
ord240
ord176
ord227
ord130
ord246
ord184
ord140
ord167
ord173
ord133
ord180
ord241
ord156
ord158
ord233
ord129
ord138
ord136
ord243
ord225
ord137
ord148
ord125
ord134

sv221mn

ord2117
ord1837
ord1930
ord1273
ord1917
ord1391
ord1394
ord1274
ord1395
ord1373
ord1374
ord1379
ord1869
ord1375
ord1355
ord2136
ord1381
ord2125
ord2166
ord2303
ord2176
ord2319
ord2312
ord2248
ord1621
ord2305
ord1887
ord101
ord1854
ord82
ord2297
ord39
ord37
ord1026
ord35
ord1909
ord1905
ord1871
ord1831
ord1876
ord1868
ord1877
ord1840
ord1577
ord1587
ord1649
ord1915
ord1704
ord1823
ord1843
ord1844
ord1928
ord1927
ord1885
ord1461
ord56
ord1773
ord1838
ord1417
ord1354
ord1706
ord1700
ord1523
ord1526
ord1533
ord1506
ord1491
ord1474
ord1513
ord1359
ord1364
ord1353
ord1845
ord1908
ord1658
ord1646
ord1783
ord1057
ord1642
ord1055
ord1627
ord99
ord1620
ord76
ord102
ord1622
ord92
ord1660
ord1492
ord1504
ord1581
ord2120
ord1866
ord1867
ord1961
ord2111
ord1701
ord2282
ord2140
ord1971
ord1579
ord1578
ord1586
ord1505
ord1499
ord1863
ord2134
ord2272
ord1775
ord1969
ord1864
ord1252
ord1865
ord1851
ord1884
ord1457
ord54
ord46
ord2131
ord2109
ord2278
ord1956
ord1623
ord1427
ord1986
ord1999
ord1983
ord1912
ord1817
ord1872
ord1624
ord90
ord1699
ord2244
ord2296
ord2264
ord2254
ord2175
ord1841
ord1826
ord1832
ord2165
ord1039
ord1040
ord2127
ord2261
ord2029
ord2028
ord2039
ord1870
ord2018
ord2034
ord2027
ord2045
ord2259
ord1028
ord1053
ord1029
ord1048
ord1025
ord1022
ord1862
ord2024
ord2015
ord1970
ord78
ord79
ord93
ord1663
ord1666
ord2121
ord2116
ord2118
ord1776
ord1849
ord1850
ord1855
ord2115
ord1672

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 49B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heb
Size: 198KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3826f785c6afaf1ff7498e761f4085a8

Headers

File Characteristics

Imports

kernel32

user32

winmm

gdi32

tl221mn

sv221mn

advapi32

Sections

.text Size: 62KB - Virtual size: 62KB

.bss Size: - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 49B

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 5KB - Virtual size: 16KB

.heb Size: 198KB - Virtual size: 200KB

.text
Size: 62KB - Virtual size: 62KB

.bss
Size: - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 49B

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 5KB - Virtual size: 16KB

.heb
Size: 198KB - Virtual size: 200KB