b22d7fdc1d0f703bcab34ecbf77c9cfb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b22d7fdc1d0f703bcab34ecbf77c9cfb_JaffaCakes118
Size

314KB
MD5

b22d7fdc1d0f703bcab34ecbf77c9cfb
SHA1

24000917d782be5a47b1c7e62f09cc9ee300c93d
SHA256

58e98a33721ede4771ff580f9c0fa45f7a21e81411570cffc220d3e621145e5a
SHA512

9c128b50ebccd84c098fbf5c7cb1dbbbde1d7cee47281979d2cff82b055210ee639a1ad7ef0d996cc302e0c0399d0819f656bc42520667fd129979969fe026ad
SSDEEP

6144:49wfcgh1hDurH9bHDX5eRXuXW18NSJ5KePI9QTTgUH/XgJIUKEgwonRku:/fzZRGWCsgSN1wonRku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b22d7fdc1d0f703bcab34ecbf77c9cfb_JaffaCakes118

Files

b22d7fdc1d0f703bcab34ecbf77c9cfb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b38e8692ecfc98dab61794d786737819

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

dciman32

DCIBeginAccess

kernel32

FindFirstFileW
SetFileAttributesW
IsDBCSLeadByte
FindResourceW
GetVersion
GetLocaleInfoW
EnumCalendarInfoW
GlobalCompact
GetVersionExA
GetModuleFileNameW
GetStartupInfoA
VirtualFree
SearchPathW
ReadFile
VirtualAlloc
FindClose
DeleteCriticalSection
GetProcessHeap
TerminateProcess
GetStringTypeW
HeapFree
RaiseException
GetCurrentDirectoryW
VirtualProtect
MoveFileW
GetSystemDefaultLCID
SetUnhandledExceptionFilter
GetUserDefaultLCID
FindNextFileW
GetSystemTime
LocalAlloc
GlobalReAlloc
GetOEMCP
UnhandledExceptionFilter
GetFileType
SetLastError
LoadResource
InitializeCriticalSection
GetProcessHeap
SetEnvironmentVariableW
SizeofResource
GlobalAlloc
LockFile
IsValidCodePage
GetTempPathA
LoadLibraryW
GetFileSize
LocalFree
GetTickCount
FreeLibrary
GetSystemDirectoryW
ExitProcess
GlobalSize
GetModuleHandleW
CloseHandle
GetFileAttributesW
GetFullPathNameW
GetSystemDirectoryA
LoadLibraryExW
LockResource
InterlockedCompareExchange
GlobalUnlock
GetCurrentProcess
CreateProcessA
WriteFile
GetStringTypeExA
SetCurrentDirectoryW
GetTempFileNameA
GetVolumeInformationW
GlobalFree
LCMapStringW
GetProcAddress
IsDebuggerPresent
SystemTimeToTzSpecificLocalTime
GetModuleHandleA
IsBadWritePtr
GetVersionExW
Sleep
OutputDebugStringA
GetCurrentThreadId
GetSystemTimeAsFileTime
lstrcmpW
SetErrorMode
LoadLibraryA
FormatMessageA
UnlockFile
GetWindowsDirectoryW
IsDBCSLeadByteEx
HeapReAlloc
GlobalLock
GetLocalTime
MulDiv
SetFilePointer
HeapAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetACP
DeleteFileW
InterlockedExchange
GetLastError

user32

GetLastActivePopup
SetForegroundWindow
IsIconic
EnumWindowStationsW
GetWindowRect
ShowWindow
SetRect
GetClientRect

shell32

SHCreateDirectoryExW
SHChangeNotify
SHGetFolderPathW
SHGetSpecialFolderPathA
SHCreateDirectoryExA
SHGetSpecialFolderPathW

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edit
Size: 5KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b38e8692ecfc98dab61794d786737819

Headers

File Characteristics

Imports

dciman32

kernel32

user32

shell32

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 84KB - Virtual size: 84KB

.edit Size: 5KB - Virtual size: 70KB

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 84KB - Virtual size: 84KB

.edit
Size: 5KB - Virtual size: 70KB