bb58fbb2c350db35f8762d8dc5116792_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb58fbb2c350db35f8762d8dc5116792_JaffaCakes118
Size

422KB
MD5

bb58fbb2c350db35f8762d8dc5116792
SHA1

aa446524af20bab4b2ddc80af97f5f65f9ec91e2
SHA256

70e5b40e46685a81982e969560f9f7079e09b13d16b65e8163144d71f3537e7e
SHA512

bd7f7d5854a2f1d2e7a44136cd4431acf0c25c3573ed96b4d4bbdc67317c2702a444f58474c52797bf348a4c040bf1f6fe8203851fe1bd63d6050abf28c7a2a2
SSDEEP

12288:zDMXG1egM2649+3FkOBv5mY8VT+Gke8vxbyl02I:1O9VkMwYqa/eubyl0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb58fbb2c350db35f8762d8dc5116792_JaffaCakes118

Files

bb58fbb2c350db35f8762d8dc5116792_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4bdde725c5d0f590165e28c991f7c5cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceW
VirtualProtect
LeaveCriticalSection
RtlUnwind
InterlockedExchange
lstrcmpiW
GetEnvironmentStringsW
EnterCriticalSection
HeapAlloc
HeapSize
GlobalAddAtomW
GetCurrentProcessId
ExitProcess
WriteProfileSectionA
EnumSystemLocalesA
GetStartupInfoA
GetModuleHandleA
CompareStringW
FormatMessageW
GetStdHandle
CompareStringA
FreeEnvironmentStringsW
GetExitCodeProcess
HeapFree
TlsSetValue
GetCommandLineA
GetDiskFreeSpaceA
GetTickCount
GlobalAddAtomA
TerminateProcess
DeleteCriticalSection
UnhandledExceptionFilter
GetCurrentThreadId
GetConsoleTitleW
LoadLibraryA
GetLastError
WriteFile
GetUserDefaultLCID
GetSystemInfo
WideCharToMultiByte
TlsGetValue
GetCurrentProcess
GetFileType
SetStdHandle
IsValidCodePage
TlsFree
GetCurrentThread
SetEnvironmentVariableA
GetLocaleInfoW
ReadConsoleOutputCharacterA
GetVersionExA
TlsAlloc
VirtualFree
HeapDestroy
FreeEnvironmentStringsA
GetEnvironmentStrings
SetLastError
SetThreadLocale
WriteConsoleOutputCharacterA
HeapCreate
SetSystemTime
VirtualQuery
InitializeCriticalSection
GetOEMCP
GetTimeFormatW
IsBadWritePtr
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
SetHandleCount
GetVolumeInformationW
GetModuleFileNameA
GetProcAddress
GetLocaleInfoA
GetTimeZoneInformation
SetConsoleCursorInfo
IsValidLocale
GetTimeFormatA
GetStringTypeW
GetCPInfo
LCMapStringA
QueryPerformanceCounter
LCMapStringW
GetSystemTimeAsFileTime
VirtualAlloc
GetACP
GetDateFormatA

comdlg32

GetOpenFileNameW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bdde725c5d0f590165e28c991f7c5cc

Headers

File Characteristics

Imports

kernel32

comdlg32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 7KB - Virtual size: 26KB

.data Size: 283KB - Virtual size: 283KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 7KB - Virtual size: 26KB

.data
Size: 283KB - Virtual size: 283KB

.rsrc
Size: 7KB - Virtual size: 6KB