Static task
static1
Behavioral task
behavioral1
Sample
b88ed950cbdc3b4cc3c009db46c33c3a_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b88ed950cbdc3b4cc3c009db46c33c3a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b88ed950cbdc3b4cc3c009db46c33c3a_JaffaCakes118
Size
460KB
MD5
b88ed950cbdc3b4cc3c009db46c33c3a
SHA1
bf857065b4c9b98137eafcbf4b614e21d714d5c3
SHA256
cd375d7b1cb9507cb554de32116557d7d94815b20f382b8fb4875b1aec21711e
SHA512
425d547d1801c5d03e92b7b4145ac2f569cc7027ae570e676e054c4c79c55eaa7ab32a000409444dc9bac5da3022fe5439f2755a67f6827ed28a1e9b82bdabce
SSDEEP
12288:KgGqs61lBcTQ10jL8mG6S27SxXifvrFhJ9Qfvs6ADgEhChDmLdaYFebkp5pr:nNbBcKALbGXifvrFr9QczChmLYYFewVr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b88ed950cbdc3b4cc3c009db46c33c3a_JaffaCakes118
Files
b88ed950cbdc3b4cc3c009db46c33c3a_JaffaCakes118.exe windows:4 windows x86 arch:x86
94d54c6a076b7e0d384feb52f8f2c833
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetFileInfoW
SHInvokePrinterCommandA
CheckEscapesW
SHGetDiskFreeSpaceA
SHLoadInProc
SHFileOperationA
SheGetDirA
SHGetDataFromIDListW
DragFinish
SHGetSettings
ExtractAssociatedIconExW
ExtractIconExA
advapi32
StartServiceW
GetUserNameA
CryptEnumProviderTypesW
RegQueryInfoKeyA
RegQueryValueA
RegEnumValueA
CryptVerifySignatureA
RevertToSelf
RegDeleteValueW
CryptExportKey
RegEnumKeyExW
gdi32
FillPath
SetSystemPaletteUse
DeviceCapabilitiesExW
BitBlt
SetWindowOrgEx
GetCharWidth32A
PlayMetaFile
GetWindowExtEx
CreatePenIndirect
CreateEnhMetaFileW
DeleteObject
CreateHalftonePalette
GetCharacterPlacementW
GetClipRgn
GetPixelFormat
SetArcDirection
SelectPalette
GetTextExtentPoint32A
wininet
GetUrlCacheEntryInfoExA
InternetSetOptionA
FindNextUrlCacheEntryExW
kernel32
CompareFileTime
TerminateProcess
GetFileAttributesExW
RtlUnwind
GetStartupInfoW
TlsSetValue
UnhandledExceptionFilter
GetCommandLineA
LoadLibraryA
CompareStringW
EnumSystemLocalesA
HeapCreate
GetStartupInfoA
HeapDestroy
InterlockedIncrement
InterlockedDecrement
GetDateFormatA
GetStdHandle
FreeLibrary
HeapReAlloc
ExitProcess
ReadFile
ReadFileEx
GetCurrentProcessId
FindNextFileA
GetModuleFileNameA
GetFileType
GetLastError
QueryPerformanceCounter
SleepEx
lstrcpyn
LCMapStringW
GetUserDefaultLCID
WriteFile
GetProcAddress
DeleteCriticalSection
GetCPInfo
LCMapStringA
RemoveDirectoryA
WriteFileEx
IsDebuggerPresent
GetTickCount
FreeEnvironmentStringsA
TlsAlloc
GetDiskFreeSpaceExA
SetEnvironmentVariableA
GetEnvironmentStringsW
GetStringTypeA
GetModuleHandleA
LeaveCriticalSection
GlobalAlloc
TlsFree
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetTimeFormatA
VirtualAlloc
GetACP
EnumDateFormatsExW
SetUnhandledExceptionFilter
GetExitCodeProcess
HeapAlloc
InterlockedExchange
HeapSize
GetOEMCP
IsValidLocale
SetHandleCount
SetConsoleCtrlHandler
GetLocaleInfoA
CompareStringA
EnterCriticalSection
GetConsoleOutputCP
SetLastError
VirtualQuery
GetSystemDirectoryA
GetLocaleInfoW
GetCurrentThread
WideCharToMultiByte
TlsGetValue
GetVersionExA
GetEnvironmentStrings
SetCurrentDirectoryA
MultiByteToWideChar
HeapFree
GetComputerNameA
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
VirtualFree
Sleep
GetStringTypeW
IsValidCodePage
GetModuleHandleW
LocalLock
GetCurrentProcess
GetVersionExW
GetCurrentThreadId
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 312KB - Virtual size: 316KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ