b9e655db54a35fd9b5405360a33b79d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9e655db54a35fd9b5405360a33b79d5_JaffaCakes118
Size

16.9MB
MD5

b9e655db54a35fd9b5405360a33b79d5
SHA1

ea49eef3b155ae0061df327d58b42ac7d8d18844
SHA256

10d639e3c8123c342718fe0e0d3c81988370fead487165a338e4234b62fbed34
SHA512

3e32fff8e66c51e5eb26340bcd44eceabe365a0123dc778c540617b1fbbc79d47d3f99f8bac0f2e3ed842ac803e083305dedfee92a33330befb89298069db4a5
SSDEEP

393216:tGaP4fRCvNJ0O74utVmvrXbSZvl7uiuelpnCHKyKJbwIBf5rug9:DAOxtwv7bSL7u/elpCHKpFXrug

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9e655db54a35fd9b5405360a33b79d5_JaffaCakes118

Files

b9e655db54a35fd9b5405360a33b79d5_JaffaCakes118
.exe windows:0 windows x86 arch:x86

d0efb4261c109afb342570e4741ed257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceExW
GetLocalTime
CreateDirectoryW
GetModuleFileNameW
MoveFileExW
CreateProcessW
CloseHandle
Sleep
GetTempFileNameW
FindFirstFileW
FindNextFileW
FindClose
GetComputerNameW
WideCharToMultiByte
FindResourceW
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
GetLastError
MultiByteToWideChar
lstrlenA
lstrlenW
GetModuleHandleW
GetCurrentProcess
GetProcAddress
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
LoadLibraryW
IsProcessorFeaturePresent
IsValidCodePage
GetCommandLineW
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP

advapi32

GetUserNameW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal

shell32

ord165
SHGetSpecialFolderPathW

oleaut32

SysFreeString
SysAllocStringLen

shlwapi

ord214
PathAppendW
SHCreateStreamOnFileEx
ord12
PathAddExtensionW
PathStripPathW
PathStripToRootW
PathFileExistsW
ord213

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 453KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.3MB - Virtual size: 16.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0efb4261c109afb342570e4741ed257

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

oleaut32

shlwapi

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 453KB - Virtual size: 461KB

.rsrc Size: 16.3MB - Virtual size: 16.3MB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 453KB - Virtual size: 461KB

.rsrc
Size: 16.3MB - Virtual size: 16.3MB

.reloc
Size: 8KB - Virtual size: 7KB