d1825d0ee9a0120b40dec3b993e2d924_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d1825d0ee9a0120b40dec3b993e2d924_JaffaCakes118
Size

440KB
MD5

d1825d0ee9a0120b40dec3b993e2d924
SHA1

9992a901361323b8fce8e5135d8cc7b740f5d874
SHA256

efd76fc8f3b5363ebbfa2de3227faa94769d33428c114de6f3172834c6dcc37d
SHA512

1022894f3fe7fc9774356d763718dedaee6320a8e920c1c7d310653bea7c42210ce54ac3f9f5ac4f96ed92b5507af2130bbc43b65c45deb1171a64e6dcd51c8c
SSDEEP

6144:c4bG2TfKg02C/ZXw0lyaOAFQfafDQ8sPbXH8L3gCAB4pjUfeL7UFfv1:c4ZfJ0n/+k5QfafDQ8lQZCRge/K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1825d0ee9a0120b40dec3b993e2d924_JaffaCakes118

Files

d1825d0ee9a0120b40dec3b993e2d924_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c7ef7b6ace74026a6fa82570bcfba2b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DdeDisconnectList
RealGetWindowClass
GetScrollPos
WinHelpA
DestroyCursor
GetClipboardSequenceNumber

wininet

DeleteIE3Cache

kernel32

IsValidLocale
GetTimeZoneInformation
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
HeapAlloc
LeaveCriticalSection
GetCurrentProcess
SetLastError
CompareStringA
HeapFree
GetModuleHandleA
InitializeCriticalSection
GetCPInfo
GetProcessHeap
RtlUnwind
GetModuleFileNameA
InterlockedDecrement
TlsAlloc
LCMapStringW
LoadLibraryA
ExitProcess
QueryPerformanceCounter
LCMapStringA
HeapReAlloc
VirtualQuery
SetHandleCount
GetProcAddress
FreeEnvironmentStringsW
GetStringTypeA
HeapSize
EnumSystemLocalesA
GetSystemTimeAsFileTime
GetLastError
GetOEMCP
GetDateFormatA
GetTimeFormatA
DeleteCriticalSection
HeapCreate
GetFileType
GetEnvironmentStrings
UnhandledExceptionFilter
TerminateProcess
SetEnvironmentVariableA
GetStartupInfoA
GetCurrentThreadId
TlsGetValue
MultiByteToWideChar
LocalFlags
IsValidCodePage
GetVersionExA
InterlockedExchange
GetStdHandle
GetACP
GetStringTypeW
FreeLibrary
TlsFree
SetConsoleCtrlHandler
WideCharToMultiByte
TlsSetValue
GetCurrentProcessId
IsDebuggerPresent
GetCommandLineW
GetLocaleInfoW
GetCommandLineA
HeapDestroy
GetModuleFileNameW
VirtualAlloc
GetStartupInfoW
InterlockedIncrement
VirtualFree
GetCurrentThread
WriteFile
GetEnvironmentStringsW
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetTickCount
Sleep
CompareStringW

comdlg32

ChooseColorW
ChooseColorA

advapi32

LookupPrivilegeValueW
LogonUserA
CryptDuplicateHash
CryptGetProvParam
RegQueryValueA
CryptCreateHash
ReportEventW
RegQueryValueW
RegEnumKeyExW
RegSetValueExW
LookupAccountSidW
AbortSystemShutdownW
LookupPrivilegeNameA

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7ef7b6ace74026a6fa82570bcfba2b9

Headers

File Characteristics

Imports

user32

wininet

kernel32

comdlg32

advapi32

Sections

.text Size: 140KB - Virtual size: 139KB

.rdata Size: 8KB - Virtual size: 16KB

.data Size: 278KB - Virtual size: 278KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 140KB - Virtual size: 139KB

.rdata
Size: 8KB - Virtual size: 16KB

.data
Size: 278KB - Virtual size: 278KB

.rsrc
Size: 12KB - Virtual size: 12KB