c8be3a7e91cfa426531935853823e4ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8be3a7e91cfa426531935853823e4ba_JaffaCakes118
Size

590KB
MD5

c8be3a7e91cfa426531935853823e4ba
SHA1

137c5469f469d721a4fbba9ba87d6e2e9f0005e6
SHA256

e454cd6f7220ae25083c5e183e04fde1c26b1b6d9119e2aca4fc8b0125cd0be7
SHA512

18de5016689e72c6d99720d1cc1f4a831ed07f8447a7fdd4e0dc9d0aacce5882c02dd417588a715dca86a8becd2e9024ec0f9336eaa0b5b6eadf09d75f952db2
SSDEEP

12288:VmXxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9:uN5+f7t3cEFVq5Y0wu7zo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8be3a7e91cfa426531935853823e4ba_JaffaCakes118

Files

c8be3a7e91cfa426531935853823e4ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

423f1cd27245f479d4d05b04abc7274e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegReplaceKeyW
RegCreateKeyExA
LogonUserW
RegSaveKeyW
OpenEventLogA
RegOpenKeyA
RegEnumKeyA
RegUnLoadKeyW
OpenServiceA
RegDeleteValueA

cmpbk32

PhoneBookEnumNumbers
PhoneBookFreeFilter
PhoneBookLoad
PhoneBookCopyFilter
PhoneBookEnumCountries

dsprop

CrackName
CheckADsError

untfs

Format
FormatEx
Recover

shlwapi

UrlUnescapeW
UrlHashA
UrlCombineW
PathCombineA
UrlGetLocationA
UrlIsA
UrlIsNoHistoryW
UrlCompareA
UrlCanonicalizeW
UrlGetPartW
PathCompactPathW
PathCommonPrefixW

crypt32

CertCompareCertificate
CertRemoveStoreFromCollection
CertOpenStore
CertSaveStore
CertAlgIdToOID
CertGetNameStringA
CertDeleteCRLFromStore
CertFindChainInStore
CertFindCRLInStore
CertNameToStrA
CertDuplicateCRLContext
CryptEnumOIDInfo

clusapi

ClusterEnum
CloseClusterNode
CloseCluster
CloseClusterGroup

kernel32

FindNextFileA
GetModuleHandleA
FindClose
WriteConsoleA
lstrcmpi
GetProcAddress
CreateProcessW
GetFileAttributesA
FindFirstFileW
CreateJobObjectA
GetConsoleTitleW
lstrcpy
CreateDirectoryA
OpenProcess
OpenThread
GetLogicalDriveStringsA
lstrcmpiA
WaitForSingleObject
DeleteFileA
GetCommandLineA
GetEnvironmentVariableW
GetPriorityClass
GetTempFileNameA
LoadLibraryA
CreateFileMappingW
FileTimeToSystemTime

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lock
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

423f1cd27245f479d4d05b04abc7274e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cmpbk32

dsprop

untfs

shlwapi

crypt32

clusapi

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 21KB - Virtual size: 20KB

.lock Size: 523KB - Virtual size: 523KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 21KB - Virtual size: 20KB

.lock
Size: 523KB - Virtual size: 523KB

.rsrc
Size: 2KB - Virtual size: 1KB