cfcc619fa71fb06d40f2f787909a90b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cfcc619fa71fb06d40f2f787909a90b3_JaffaCakes118
Size

636KB
MD5

cfcc619fa71fb06d40f2f787909a90b3
SHA1

a1c20e4131e21ae8937b3dd834c1b61a25a5847c
SHA256

99a97c63311fa13afd66e708c2e0bd940c0f6ad8c0b50a59ec2f1ef97420acb9
SHA512

9c537db1617225a11dac6e88f28714bb44380b9167d5e0a848a5500a458d1b860c0a80a96d3757d6c37c220e1635646c1d9c3bd27d3990ad0203b34e3eae4318
SSDEEP

12288:Ky704qH2qZu2yFG+DTxgrDMPhfLJKttJrIpSSJ6VXRCN+QSfMROsZ6EIyI:E2WyA2TPFsl2SMRKwL52

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfcc619fa71fb06d40f2f787909a90b3_JaffaCakes118

Files

cfcc619fa71fb06d40f2f787909a90b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0e8191506adbcedc4ee0a538afbc01d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatA
InterlockedDecrement
IsBadReadPtr
SetConsoleCtrlHandler
GetProcAddress
IsDebuggerPresent
HeapReAlloc
SetFilePointer
GetACP
GetStringTypeA
GetCurrentProcessId
SetLastError
EnterCriticalSection
GetFileType
SetStdHandle
TlsSetValue
IsValidCodePage
LocalFlags
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
TlsFree
GetCommandLineA
GetVersionExA
LCMapStringA
DeleteCriticalSection
GetStartupInfoA
CreateFileA
lstrlenA
ExitProcess
GetTickCount
CompareStringW
SetHandleCount
HeapFree
GetCurrentThread
GetModuleFileNameA
GetTimeZoneInformation
LoadLibraryA
QueryPerformanceCounter
GetConsoleOutputCP
VirtualAlloc
lstrlenW
GetCPInfo
TlsGetValue
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
WriteConsoleA
GetDateFormatA
GetLastError
GetOEMCP
OutputDebugStringA
TlsAlloc
InterlockedIncrement
GetConsoleCP
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsA
MoveFileExA
GetEnvironmentStringsW
GetLocaleInfoA
FlushFileBuffers
RaiseException
LCMapStringW
WideCharToMultiByte
EnumSystemLocalesA
GetModuleFileNameW
OutputDebugStringW
WriteConsoleW
InitializeCriticalSection
SetEnvironmentVariableA
GetProcessHeap
WaitCommEvent
InterlockedExchange
GetStringTypeW
VirtualFree
GetConsoleMode
LeaveCriticalSection
FreeLibrary
FreeEnvironmentStringsW
IsValidLocale
HeapValidate
HeapAlloc
MultiByteToWideChar
CompareStringA
CloseHandle
HeapDestroy
VirtualQuery
GetModuleHandleA
LoadLibraryW
GetStdHandle
GetUserDefaultLCID
RtlUnwind
DebugBreak
WriteFile
HeapCreate

advapi32

CryptGetKeyParam
DuplicateTokenEx
CryptDuplicateKey
RegNotifyChangeKeyValue
RegReplaceKeyA
LookupPrivilegeDisplayNameW
CryptGenKey
LookupPrivilegeNameA
CryptSignHashW
RegDeleteKeyW
ReportEventA

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 351KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e8191506adbcedc4ee0a538afbc01d9

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 274KB - Virtual size: 273KB

.data Size: 351KB - Virtual size: 378KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 274KB - Virtual size: 273KB

.data
Size: 351KB - Virtual size: 378KB

.rsrc
Size: 10KB - Virtual size: 10KB