e26dd50f9a13502b5fc8da2e8cd6739e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e26dd50f9a13502b5fc8da2e8cd6739e_JaffaCakes118
Size

502KB
MD5

e26dd50f9a13502b5fc8da2e8cd6739e
SHA1

a807e19c7e798b272bd6e156df4c74e814bb1999
SHA256

61ce5308e6e1eb3211396d3041cab0290e0a582e4f2aa778110faaf9dab42a08
SHA512

971f92565e9d9ecd25c0617620cc7302bfc3b6147fe3bb0c8aad8744782aa531885aad9d9a98be9b7853c9e7249b011960e4c1fb4ca82400fae682c34c99454b
SSDEEP

12288:qlE+/YSCUgSYELdMMTdHZWrCMCxBbylz:BFaVLdMadH4DCxR0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e26dd50f9a13502b5fc8da2e8cd6739e_JaffaCakes118

Files

e26dd50f9a13502b5fc8da2e8cd6739e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d3bacbe3b45a615ec4f696de56924cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
ExitProcess
GetTickCount
TlsFree
GetCommandLineA
GetStdHandle
VirtualQuery
CommConfigDialogW
TlsGetValue
GetStringTypeW
GetNamedPipeHandleStateW
SetFilePointer
GetOEMCP
GetDateFormatA
MultiByteToWideChar
GetModuleFileNameA
GetEnvironmentStringsW
HeapDestroy
CompareStringW
SetEnvironmentVariableA
FreeLibrary
IsValidLocale
VirtualFree
OpenWaitableTimerW
WriteConsoleA
SetHandleCount
OpenMutexW
CreateMutexA
SetWaitableTimer
FlushFileBuffers
CloseHandle
CreateFileA
InterlockedIncrement
GetModuleHandleA
WriteConsoleW
MoveFileExW
QueryPerformanceCounter
WriteFile
SetConsoleCtrlHandler
FreeEnvironmentStringsW
lstrlenA
HeapAlloc
SetUnhandledExceptionFilter
HeapReAlloc
HeapCreate
RtlUnwind
GlobalGetAtomNameA
GetSystemTimeAdjustment
GetStringTypeA
GetLastError
TerminateProcess
FlushViewOfFile
GetNamedPipeHandleStateA
EnterCriticalSection
EnumCalendarInfoExW
GetProcAddress
TlsSetValue
GetCurrentProcess
GetACP
GetStartupInfoA
InterlockedDecrement
GetCurrentThread
GetLocaleInfoW
LoadLibraryA
VirtualAlloc
GetProcessHeap
GetEnvironmentVariableA
IsDebuggerPresent
Sleep
GlobalDeleteAtom
GetCurrentThreadId
IsValidCodePage
LeaveCriticalSection
LCMapStringW
GetConsoleOutputCP
HeapSize
GetFileType
GetConsoleMode
FreeEnvironmentStringsA
TlsAlloc
GetTimeFormatA
GetVersionExA
OpenMutexA
ReadFile
GetCPInfo
InitializeCriticalSection
WideCharToMultiByte
GetEnvironmentStrings
GetUserDefaultLCID
HeapFree
DeleteCriticalSection
GetTimeFormatW
SetStdHandle
InterlockedExchange
GetLocaleInfoA
UnhandledExceptionFilter
SetLastError
ReadFileEx
SetEnvironmentVariableW
LCMapStringA
GetTimeZoneInformation
EnumSystemLocalesA
GetConsoleCP
GetCurrentProcessId
CompareStringA
GetSystemTimeAsFileTime

advapi32

CryptDecrypt
LookupAccountSidW
StartServiceW
CryptSignHashW
CryptDeriveKey
ReportEventA
CryptVerifySignatureA
CryptSetProviderExA
RegCloseKey
RegRestoreKeyA
RevertToSelf
RegCreateKeyW
RegDeleteValueA
LookupPrivilegeDisplayNameW
RegSetValueExW

user32

GetWindowThreadProcessId
UnregisterHotKey
RegisterClassExA
SetCaretBlinkTime
RegisterClassA
GetMenuContextHelpId

comdlg32

PageSetupDlgW

comctl32

InitCommonControlsEx

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d3bacbe3b45a615ec4f696de56924cd

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comdlg32

comctl32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 10KB - Virtual size: 33KB

.data Size: 313KB - Virtual size: 313KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 10KB - Virtual size: 33KB

.data
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 5KB - Virtual size: 4KB