b2e8c4ca3547166e7885f3c2d224ef18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2e8c4ca3547166e7885f3c2d224ef18_JaffaCakes118
Size

104KB
MD5

b2e8c4ca3547166e7885f3c2d224ef18
SHA1

8f76113f3ab26df87c8bc3dde5b7d60f55e18712
SHA256

4a92731196472a52a0633b05b40d86c3b10fd8c15a5672f20151b135e68a8b32
SHA512

4415be1c6ae516865c84f63e15203ba3e84ef5abf6f89a4f6326d810524601def23fd2f75c4e0b9673cf9ecd087fe8c584953c83c8c58ec27e0d145e444afdc0
SSDEEP

1536:ihZ8WZnTxE67JkLEgwwpq6p0iMXy73atwGZpRmt9:iUWRv7JkLEop71MGKysmt9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2e8c4ca3547166e7885f3c2d224ef18_JaffaCakes118

Files

b2e8c4ca3547166e7885f3c2d224ef18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb650126eb9f1935d03506174cb22553

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
WinExec
TerminateProcess
Sleep
lstrlenA
lstrcmpiA
SetThreadPriority
GetCurrentThread
GetLocalTime
GetVersionExA
GetPrivateProfileIntA
CreateProcessW
GetStartupInfoW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindNextFileA
OutputDebugStringA
CreateThread
QueryDosDeviceA
GetLogicalDriveStringsA
VirtualAlloc
VirtualFree
HeapCreate
SetEndOfFile
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetFilePointer
GetCurrentProcess
LoadLibraryA
GetProcAddress
OpenProcess
GetLastError
GetCommandLineA
GetVersion
ReadProcessMemory
CloseHandle
lstrcatW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
HeapSize
WriteFile
GetFileType
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
ReadFile
LCMapStringW
LCMapStringA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
MultiByteToWideChar
WideCharToMultiByte
LocalFree
HeapFree
HeapAlloc
RtlUnwind
MoveFileA
GetModuleHandleA
GetStartupInfoA
ExitProcess
RaiseException
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc

user32

LoadCursorA
SetCursor
wsprintfA
MessageBoxA
ShowCursor
IsWindow
FindWindowExA
SendMessageA

advapi32

GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA
SHChangeNotify
SHGetSpecialFolderPathW

ole32

CoCreateInstance
OleRun
CoInitialize

oleaut32

VariantInit
VariantCopy
SysFreeString
SysAllocString
VariantClear
GetErrorInfo

psapi

GetProcessImageFileNameA

setupapi

SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiOpenClassRegKey
SetupDiGetClassDevsA

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb650126eb9f1935d03506174cb22553

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

psapi

setupapi

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 3KB