Static task
static1
Behavioral task
behavioral1
Sample
cdf7c4bc0813b45f81ca12cfc3529d12_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
cdf7c4bc0813b45f81ca12cfc3529d12_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
cdf7c4bc0813b45f81ca12cfc3529d12_JaffaCakes118
Size
482KB
MD5
cdf7c4bc0813b45f81ca12cfc3529d12
SHA1
36fbddb58abb64620a7eba996d9432b657f00da0
SHA256
504de4dd262c91fa24269c19fceab2fcb4d8eedd0a3aa5e29b46ecf735e88c7b
SHA512
91023357213064bddbcf31513635fe9a6274b0805709d8dc98b238191cee62b6891c0941a699f850154270d0a3f3e49f5610888ff51be2a2e5424d151ad16024
SSDEEP
12288:jF9OeBwICocVTQZjP7SiTk53byH9Jpv9SYIsGvo05:BNBkocVTQZ7uik3bO9v9zx05
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource cdf7c4bc0813b45f81ca12cfc3529d12_JaffaCakes118
Files
cdf7c4bc0813b45f81ca12cfc3529d12_JaffaCakes118.exe windows:4 windows x86 arch:x86
afa6fa54e61e9344785c83691d09c3b6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
DragQueryFileW
SHBrowseForFolderA
RealShellExecuteExA
SHGetNewLinkInfo
comctl32
InitCommonControlsEx
kernel32
LCMapStringW
FreeResource
RtlUnwind
LeaveCriticalSection
VirtualFree
LoadLibraryA
LoadResource
OpenMutexA
HeapAlloc
GetCurrentThreadId
FlushFileBuffers
WideCharToMultiByte
QueryPerformanceCounter
CreateEventA
GetStartupInfoA
HeapCreate
CreateMutexA
ReadFile
SetConsoleTitleW
IsValidCodePage
TlsSetValue
lstrlenA
GetEnvironmentStrings
GetTimeFormatA
SetHandleCount
GetOEMCP
InitializeCriticalSection
IsValidLocale
VirtualUnlock
SetFilePointer
FreeEnvironmentStringsA
DeleteCriticalSection
EnumTimeFormatsA
GetModuleHandleA
GlobalFindAtomW
GetCurrentThread
TlsAlloc
TlsFree
UnhandledExceptionFilter
EnterCriticalSection
GetTimeZoneInformation
CreateEventW
EnumSystemLocalesA
VirtualQuery
SetStdHandle
VirtualAlloc
GetEnvironmentStringsW
ExitProcess
CompareStringW
HeapDestroy
SetLastError
VirtualProtect
GetTickCount
GetLocaleInfoW
HeapSize
FillConsoleOutputCharacterW
WriteFile
LCMapStringA
GetACP
GetSystemTimeAsFileTime
InterlockedExchange
ReadConsoleInputW
GetStdHandle
GetVersionExA
GetSystemInfo
GetCurrentProcessId
GetCurrentProcess
FreeEnvironmentStringsW
GetStringTypeW
MultiByteToWideChar
WriteConsoleOutputCharacterW
FindResourceW
IsBadWritePtr
GetDateFormatA
FindClose
TerminateProcess
GetLocaleInfoA
GetCPInfo
SetUnhandledExceptionFilter
GetModuleFileNameA
GetFileType
CloseHandle
CompareStringA
SetEnvironmentVariableA
HeapReAlloc
GetProcAddress
FlushConsoleInputBuffer
SetConsoleOutputCP
GetCommandLineA
HeapFree
GetUserDefaultLCID
GetLastError
lstrcpyn
GetStringTypeA
SetConsoleScreenBufferSize
TlsGetValue
user32
RegisterClassA
SubtractRect
GetSysColorBrush
wsprintfA
RemoveMenu
RegisterClassExA
MessageBoxExA
GetClassLongA
GetClassInfoA
advapi32
CryptGetDefaultProviderA
RegCloseKey
RegDeleteValueW
CryptCreateHash
RegSetKeySecurity
LookupAccountSidA
LogonUserW
RegQueryInfoKeyA
LookupSecurityDescriptorPartsA
CryptGetHashParam
GetUserNameW
StartServiceA
RegReplaceKeyW
Sections
.text Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 311KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ