d6b19031099aceafac6caf4a4f5d4d34_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6b19031099aceafac6caf4a4f5d4d34_JaffaCakes118
Size

468KB
MD5

d6b19031099aceafac6caf4a4f5d4d34
SHA1

386e81b0eb5b9f7675b0e8929c7875ba3a9c5511
SHA256

11e64d1bbf46bf74a2beb0194ad1faa55f95cf498381c1690ac6b1b3f00645ac
SHA512

3ba8c703304662086ba1c4d6eaf8abc1a0ebf2525ff26c2317780e406e6b200b993d3fdba2aa958e5fdf6782675defe6100e9b39f625021d80078c8b9a8554f4
SSDEEP

6144:JTnLgZMbk+a0UN3WuD4+mGHz/cNabVi2AMa9bbjS9iC+h1O0oINu+5GA2/W9Ej9I:F8GGNjK4AOVUmcB19oINucG7j9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6b19031099aceafac6caf4a4f5d4d34_JaffaCakes118

Files

d6b19031099aceafac6caf4a4f5d4d34_JaffaCakes118
.exe windows:4 windows x86 arch:x86

318a1a5ea3aedfe2ecb3faada6c74a26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PageSetupDlgA
GetFileTitleW

advapi32

CryptAcquireContextW
RegCreateKeyExW
RegDeleteValueA
DuplicateToken
InitiateSystemShutdownW
CryptGetProvParam
CryptGetKeyParam
ReportEventA
LookupSecurityDescriptorPartsW

kernel32

FileTimeToDosDateTime
CompareStringW
InterlockedIncrement
GetACP
IsValidCodePage
EnumTimeFormatsA
LocalAlloc
EnumResourceNamesW
GetEnvironmentStrings
TlsAlloc
HeapReAlloc
GetProcessHeap
InterlockedDecrement
GetVersionExW
VirtualAlloc
CreateRemoteThread
GetCurrentThreadId
GetTickCount
GetStdHandle
GetModuleHandleA
GetCPInfo
SetEnvironmentVariableA
WriteConsoleOutputW
WideCharToMultiByte
GetCurrentProcess
GetVolumeInformationA
SetConsoleCtrlHandler
GetProfileIntA
IsDebuggerPresent
LoadLibraryA
GetLocaleInfoA
SetUnhandledExceptionFilter
GetCommandLineW
FreeEnvironmentStringsW
HeapCreate
GetModuleFileNameW
VirtualFree
SetFilePointer
GetLocaleInfoW
QueryPerformanceCounter
GetOEMCP
InitializeCriticalSection
GetVersionExA
HeapFree
IsValidLocale
TlsGetValue
GetCurrentThread
LCMapStringW
GetStartupInfoA
EnumSystemLocalesA
VirtualQuery
HeapAlloc
HeapDestroy
InterlockedExchange
GetCompressedFileSizeW
HeapSize
TerminateProcess
GetTimeFormatA
GetEnvironmentStringsW
EnterCriticalSection
GetStringTypeA
RtlUnwind
GetCurrentProcessId
TlsSetValue
TlsFree
WriteFile
GetProcAddress
SetHandleCount
GetCurrencyFormatW
GetModuleFileNameA
CompareStringA
SetConsoleMode
GetVolumeInformationW
GetStartupInfoW
WriteConsoleOutputAttribute
GetStringTypeW
FreeEnvironmentStringsA
FreeLibrary
GetTimeZoneInformation
GetSystemTimeAsFileTime
MultiByteToWideChar
GetLastError
GetCommandLineA
LCMapStringA
GetDateFormatA
DeleteCriticalSection
ExitProcess
Sleep
SetLastError
GetUserDefaultLCID
UnhandledExceptionFilter
LeaveCriticalSection
GetFileType

wininet

HttpOpenRequestW
InternetDialA
InternetAlgIdToStringW
ShowSecurityInfo
InternetFindNextFileW

user32

TileWindows
GetCaretBlinkTime
GetMenuItemRect
wsprintfW
GetQueueStatus
DrawFocusRect
TileChildWindows

shell32

SHGetSettings
SHBrowseForFolder

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

318a1a5ea3aedfe2ecb3faada6c74a26

Headers

File Characteristics

Imports

comdlg32

advapi32

kernel32

wininet

user32

shell32

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 9KB - Virtual size: 40KB

.data Size: 323KB - Virtual size: 323KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 9KB - Virtual size: 40KB

.data
Size: 323KB - Virtual size: 323KB

.rsrc
Size: 12KB - Virtual size: 11KB