e1f69ae52fdedd722a87b6fe1927d94f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1f69ae52fdedd722a87b6fe1927d94f_JaffaCakes118
Size

117KB
MD5

e1f69ae52fdedd722a87b6fe1927d94f
SHA1

bbf44dd7bf70e4872432bc82cb6cfac7de5d2aab
SHA256

ddbb885db8467bbe75576bcbec3ac4081c73bea0bd08ea9197ad86db48639810
SHA512

529be3abbb54be09b5b8f552aa0dad12e5fbc195d2a4ff43a8a4c22f531145dcdeee7b5fa7c8d971fbf29a40a6341ca3903bf4f81263cc6d26e9f7f7a1683df2
SSDEEP

3072:0SXMaP2UgekLXP74WLV2c63O2jTwJIGKzD3kp:PcA2UPkLEIO3ZvwYP3A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1f69ae52fdedd722a87b6fe1927d94f_JaffaCakes118

Files

e1f69ae52fdedd722a87b6fe1927d94f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af8d421d77e9033247e2417fd0bf0775

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ord179

kernel32

ReadFile
FatalExit
SetConsoleWindowInfo
GetOverlappedResult
BackupRead
GetProcessWorkingSetSize
CreateFileA
GetFileSize
CloseHandle
MapViewOfFile
ExitThread
VirtualFree
GetModuleFileNameA
UnmapViewOfFile
LoadLibraryA
GetProcAddress
lstrcmpA
GetLastError
InterlockedExchange
FreeLibrary
GetCPInfoExW
LocalFree
SetLocalTime
GetTimeZoneInformation
FillConsoleOutputCharacterA
GetProcessHeaps
LocalSize
GetModuleHandleA
RegisterWaitForSingleObjectEx
GetBinaryTypeA
LocalAlloc
GetCommandLineA
lstrcpynA
VirtualQuery
CreateFileMappingA
RaiseException

shlwapi

SHSkipJunction
PathIsNetworkPathW
PathMakePrettyA
PathBuildRootA

gdi32

CreateEnhMetaFileA
ColorCorrectPalette
SetLayout
SetMetaFileBitsEx
CreateBrushIndirect
GetPixel
SetMapMode

msvcrt

abort
mbstowcs
memset
memcpy

advapi32

AddAuditAccessAce
GetCurrentHwProfileA
LookupAccountNameW
CryptSetProviderExA

clusapi

ClusterRegQueryInfoKey

user32

SetCaretBlinkTime
DefMDIChildProcW
GetSystemMetrics
OpenDesktopA
GetDCEx
DlgDirSelectComboBoxExA
OpenIcon

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata1
Size: 512B - Virtual size: 403B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata0
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

QMst6
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

+7jQTy
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sh7
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Suj
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

60y6
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af8d421d77e9033247e2417fd0bf0775

Headers

File Characteristics

Imports

shell32

kernel32

shlwapi

gdi32

msvcrt

advapi32

clusapi

user32

Sections

.text Size: 14KB - Virtual size: 13KB

.idata1 Size: 512B - Virtual size: 403B

.idata0 Size: 1024B - Virtual size: 610B

QMst6 Size: 8KB - Virtual size: 8KB

.data Size: 9KB - Virtual size: 11KB

+7jQTy Size: 5KB - Virtual size: 4KB

sh7 Size: 23KB - Virtual size: 23KB

Suj Size: 46KB - Virtual size: 46KB

60y6 Size: 8KB - Virtual size: 7KB

.text
Size: 14KB - Virtual size: 13KB

.idata1
Size: 512B - Virtual size: 403B

.idata0
Size: 1024B - Virtual size: 610B

QMst6
Size: 8KB - Virtual size: 8KB

.data
Size: 9KB - Virtual size: 11KB

+7jQTy
Size: 5KB - Virtual size: 4KB

sh7
Size: 23KB - Virtual size: 23KB

Suj
Size: 46KB - Virtual size: 46KB

60y6
Size: 8KB - Virtual size: 7KB