b936343378e1002858bbc6edf0aaa9e9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b936343378e1002858bbc6edf0aaa9e9_JaffaCakes118
Size

648KB
MD5

b936343378e1002858bbc6edf0aaa9e9
SHA1

97ce76c0b2347b5dc0a9e480dbd9a7983ae2a50b
SHA256

a060c51c947826d373d497bbb99dc335f97fdfae70fe450970a63aa4fee10b75
SHA512

e2557cba2abdf7218a88b5f7121312495dbfc506d41f289433da97abe80c54947a1a962b7318dc46dcfc6d3b20ae72debee3cb344385a86a1c3933185b6a84e9
SSDEEP

12288:YZ9XdYxzDdhM4zpZVQJG+Xu98o6GXW0KOQSB1h1UO3nkU0:YZ9XdYxzDdhM4z1QJG+XuuGXW0ISHNn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b936343378e1002858bbc6edf0aaa9e9_JaffaCakes118

Files

b936343378e1002858bbc6edf0aaa9e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af73f4d72a0665f4a3ee8ff373e184c2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFile
ExtractIconW
SHBrowseForFolderW
ShellExecuteExA
SHGetSettings

user32

RegisterClassA
EnumPropsExW
RegisterClassExA
IsWindowEnabled
SetCursorPos
GetClipboardFormatNameW

advapi32

CryptReleaseContext
RegQueryMultipleValuesW
RegReplaceKeyA
RegDeleteValueW
RegSaveKeyW
StartServiceA
RegRestoreKeyA
CryptAcquireContextA
LookupPrivilegeValueW
RegQueryValueExW
RegConnectRegistryA
CryptHashSessionKey
RegSetValueW

comctl32

InitCommonControlsEx

kernel32

TlsFree
InterlockedDecrement
VirtualQuery
GetCommandLineA
GetLastError
CloseHandle
GetSystemTimeAsFileTime
ReadFile
FreeEnvironmentStringsA
GetFileType
SetFilePointer
GetCurrentProcessId
IsBadWritePtr
GetCurrentThreadId
WideCharToMultiByte
GetStdHandle
DeleteCriticalSection
CompareStringW
GetSystemTime
GetModuleFileNameA
TerminateProcess
HeapAlloc
GetVersion
GetModuleHandleA
RtlUnwind
LeaveCriticalSection
GetOEMCP
GetLocalTime
SetLastError
HeapCreate
CompareStringA
LoadLibraryA
SetEnvironmentVariableA
LCMapStringA
InterlockedExchange
GetEnvironmentStringsW
TlsSetValue
InitializeCriticalSection
SetHandleCount
EnterCriticalSection
GetStartupInfoA
GetCurrentThread
GetDiskFreeSpaceExW
CreateMutexA
ExitProcess
HeapReAlloc
QueryPerformanceCounter
SetStdHandle
GetStringTypeW
GetTickCount
GetProcAddress
LCMapStringW
GetStringTypeA
GetEnvironmentStrings
MultiByteToWideChar
HeapFree
FreeEnvironmentStringsW
WriteFile
VirtualAlloc
InterlockedIncrement
VirtualFree
OpenMutexA
GetACP
TlsAlloc
GetTimeZoneInformation
HeapDestroy
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
FlushFileBuffers
TlsGetValue

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af73f4d72a0665f4a3ee8ff373e184c2

Headers

File Characteristics

Imports

shell32

user32

advapi32

comctl32

kernel32

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 4KB - Virtual size: 35KB

.data Size: 320KB - Virtual size: 319KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 4KB - Virtual size: 35KB

.data
Size: 320KB - Virtual size: 319KB

.rsrc
Size: 5KB - Virtual size: 5KB