dd85387447cbffd7041a3131854ca8c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd85387447cbffd7041a3131854ca8c9_JaffaCakes118
Size

939KB
MD5

dd85387447cbffd7041a3131854ca8c9
SHA1

9fceff80e65156701ffebf5612e7ee0a23a41957
SHA256

767a31a28ce31f9de297e45a1bf0cfcb6fa10432475285c733619e072e20b0b7
SHA512

53101f8f5448b0b4519f8cd22d2997cb923ad152599a854765e7bed25c13f7918dae7af4ad37096569a176520773423acd63865663595189b205b0309634d8a6
SSDEEP

24576:bZDdVlreEK70AtIcw9qReawrUOb6XJo0jFzz:xFybthEp0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd85387447cbffd7041a3131854ca8c9_JaffaCakes118

Files

dd85387447cbffd7041a3131854ca8c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7e68470c964f94ed10ddce535610aec9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

advapi32

RegSetValueExW

kernel32

WriteConsoleW
GetCommandLineA
GetProcAddress
GlobalLock
GlobalUnlock
VirtualAlloc
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetLastError
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
WriteFile
CloseHandle
SystemTimeToFileTime
CreateEventW
FindResourceExW
GetFullPathNameW
MultiByteToWideChar
CompareStringW
LCMapStringW
GetThreadLocale
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetStringTypeW
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
EnterCriticalSection
GetModuleHandleW
CreateFileW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

uxtheme

DrawThemeText
GetCurrentThemeName

userenv

GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW

shlwapi

SHSetValueW
PathStripToRootW
PathStripPathW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathIsUNCW
PathIsRootW
PathGetDriveNumberW
PathFindNextComponentW
AssocQueryStringW
PathFindExtensionW
PathCombineW
PathCanonicalizeW
PathBuildRootW
PathAddBackslashW
StrRetToBufW
StrRetToStrW
StrStrW
StrCmpNW
StrChrIW
PathFindFileNameW

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 336KB - Virtual size: 7.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pee3n
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e68470c964f94ed10ddce535610aec9

Headers

File Characteristics

Imports

psapi

advapi32

kernel32

uxtheme

userenv

shlwapi

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 336KB - Virtual size: 7.6MB

.pee3n Size: 472KB - Virtual size: 472KB

.rsrc Size: 22KB - Virtual size: 24KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 336KB - Virtual size: 7.6MB

.pee3n
Size: 472KB - Virtual size: 472KB

.rsrc
Size: 22KB - Virtual size: 24KB