d69273e819a59772618f80733d27392a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d69273e819a59772618f80733d27392a_JaffaCakes118
Size

514KB
MD5

d69273e819a59772618f80733d27392a
SHA1

1eab6b5cbb3d807bb2aaac50bd2a51bef10e847f
SHA256

9d4e8445cf4d5aa4487bf04a074ea6cd5a6488d7ee91c8fd2ef7a97235dcf451
SHA512

e2ae7d8ac20f2f75cfa0dcba5dcf8f5fb087c7d3d2c04dae5287d3dfd046b0e5b79de30f26a2ee61c3771f209e3384a83c1c8fddb20ab17c881e217212471eb3
SSDEEP

12288:XTR2fdiZ4vf5S6DLqVfRGNmZGRdWmPVVj2ki4N/6/vt8:jR21iZCfM6DLuQGmrjG/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d69273e819a59772618f80733d27392a_JaffaCakes118

Files

d69273e819a59772618f80733d27392a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d2966ca732b3416210928436a0233bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
RegisterClassA
ValidateRgn

kernel32

WriteFile
GetFileType
CompareStringA
OpenMutexA
GetStringTypeA
HeapCreate
VirtualAlloc
GetCPInfo
LCMapStringW
InitializeCriticalSection
CommConfigDialogA
TlsSetValue
TlsGetValue
SetStdHandle
ExitProcess
HeapReAlloc
GetACP
IsValidLocale
TlsAlloc
InterlockedIncrement
TerminateProcess
GetProcAddress
HeapAlloc
DeleteCriticalSection
VirtualProtectEx
GlobalReAlloc
RtlUnwind
IsBadWritePtr
GetCurrentThreadId
GetLastError
FreeEnvironmentStringsW
CompareStringW
GetTickCount
GetEnvironmentStringsW
lstrcpyW
UnhandledExceptionFilter
GlobalLock
FlushFileBuffers
GetStartupInfoA
FreeEnvironmentStringsA
GetStringTypeW
MultiByteToWideChar
InterlockedDecrement
GlobalAlloc
SetHandleCount
HeapFree
GetLocalTime
GetCurrentProcess
GetConsoleScreenBufferInfo
ExpandEnvironmentStringsA
GetModuleHandleA
FindResourceA
GetOEMCP
CreateMutexA
InterlockedExchange
ReadFile
WideCharToMultiByte
HeapDestroy
OpenSemaphoreW
TlsFree
SetFilePointer
GetEnvironmentStrings
SetLastError
GetCurrentProcessId
GetCommandLineA
QueryPerformanceCounter
GetModuleFileNameA
GetVersion
LoadLibraryA
FreeLibrary
GetTimeZoneInformation
GetCurrentThread
VirtualQuery
VirtualFree
LeaveCriticalSection
GetSystemTime
EnterCriticalSection
GetStdHandle
SetEnvironmentVariableA
LCMapStringA
GetSystemTimeAsFileTime
CloseHandle

comctl32

InitCommonControlsEx

comdlg32

ReplaceTextW
PrintDlgA
GetFileTitleW

shell32

RealShellExecuteA
SHGetPathFromIDListW
ShellExecuteExW
SHGetNewLinkInfo

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d2966ca732b3416210928436a0233bc

Headers

File Characteristics

Imports

user32

kernel32

comctl32

comdlg32

shell32

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 4KB - Virtual size: 11KB

.data Size: 315KB - Virtual size: 314KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 4KB - Virtual size: 11KB

.data
Size: 315KB - Virtual size: 314KB

.rsrc
Size: 6KB - Virtual size: 6KB