b20725e5084e3518d2efcd45331c220c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b20725e5084e3518d2efcd45331c220c_JaffaCakes118
Size

670KB
MD5

b20725e5084e3518d2efcd45331c220c
SHA1

5f52ab4eaea38bcbb1161a7cc2eec6183fb0a4a3
SHA256

df550aad826fe579e39bf5abee6a3653a0bc2d62e940af4bf70bbbe01bdf3015
SHA512

04f79a37f28626c371d0d01b3b4ce6bc8f7569458c14e51c1bb7b186e18f20e3bc86d57f7f5a05b5425d9baa3c4b61da820fa5879d98d2b5b7b85ae93996b285
SSDEEP

12288:sirKA8WLrWC7fDYYfzas/ys1GPGI03MDDYIBrf2BMR4eDq888txhC:sirXr17nVyfGI0cDDB2o4eDqAtxh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b20725e5084e3518d2efcd45331c220c_JaffaCakes118

Files

b20725e5084e3518d2efcd45331c220c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12240c7663523c6276c39e321624a48c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownA
LookupPrivilegeValueA
RegEnumKeyW
CryptEnumProviderTypesW
CryptDestroyHash
RegConnectRegistryW
RegSetValueExA
CryptSignHashW
RegSetValueExW
CryptEnumProvidersA
CryptDecrypt
CryptAcquireContextA
RegCloseKey
CryptGenRandom
LookupPrivilegeDisplayNameW
ReportEventW
CryptSignHashA
RevertToSelf
CryptGetHashParam
GetUserNameA
RegCreateKeyExA

kernel32

TlsSetValue
HeapCreate
SetHandleCount
EnumSystemLocalesA
TlsAlloc
GetCommandLineA
ReadFile
GetCurrentProcessId
GetLocaleInfoA
MultiByteToWideChar
WriteConsoleW
DeleteFileW
FreeLibrary
GetStringTypeW
GetStdHandle
InterlockedIncrement
IsValidCodePage
lstrcpyA
LCMapStringA
GetModuleFileNameA
GetCurrentProcess
GetDateFormatA
QueryPerformanceCounter
GetLocaleInfoW
GetTickCount
CreateFileA
ExitProcess
GetCPInfo
CreateMutexA
Sleep
HeapAlloc
GetFileType
UnhandledExceptionFilter
HeapDestroy
HeapSize
GetConsoleOutputCP
LocalFree
LCMapStringW
WriteFile
GetCurrentThread
RtlUnwind
IsValidLocale
GetProcAddress
SetEnvironmentVariableA
GetModuleHandleW
GetConsoleCP
GetACP
GetCommandLineW
GetModuleHandleA
OpenSemaphoreW
SetLastError
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
VirtualQuery
InterlockedDecrement
SetConsoleCtrlHandler
EnterCriticalSection
GetEnvironmentStringsW
HeapReAlloc
GetConsoleMode
LeaveCriticalSection
TlsFree
VirtualAlloc
VirtualFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
CompareStringA
GetOEMCP
GetTimeFormatA
SetFilePointer
GetUserDefaultLCID
DeleteCriticalSection
GetTimeZoneInformation
GetLastError
GetStartupInfoA
TlsGetValue
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetStringTypeA
WriteConsoleA
WideCharToMultiByte
InterlockedExchange
HeapFree
TerminateProcess
FlushFileBuffers
CompareStringW
SetStdHandle
GetCurrentThreadId
OpenMutexA
LoadLibraryA
lstrcpynA
CloseHandle

comdlg32

GetSaveFileNameA

comctl32

InitCommonControlsEx

user32

RegisterClassA
PostMessageW
SendMessageA
CreateCaret
DeleteMenu
RegisterClassExA

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12240c7663523c6276c39e321624a48c

Headers

File Characteristics

Imports

advapi32

kernel32

comdlg32

comctl32

user32

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 27KB - Virtual size: 50KB

.data Size: 112KB - Virtual size: 111KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 27KB - Virtual size: 50KB

.data
Size: 112KB - Virtual size: 111KB

.rsrc
Size: 23KB - Virtual size: 22KB