efe3780061e07c09cc4237ac8589b627_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efe3780061e07c09cc4237ac8589b627_JaffaCakes118
Size

444KB
MD5

efe3780061e07c09cc4237ac8589b627
SHA1

92aefc9c276f6797fccec04ba6a58c65e7851cbc
SHA256

b4ef34ab31b739595a77b9707b76df7b207d721d7ac73f0e75611fd725759c17
SHA512

31129028530ba6afeb615d788948b625b58d06b7b0243e7439ea62cfa4db459e85fa3eb10037e97a39e2f2bcdc74f10da7003c6bd08e53e9aba0fdbe053144d7
SSDEEP

12288:XOeUOy9xK0CljTKB7JVwnL18+OW/GEgHJ+EmB6vzHnwpnTC:ZU59xBmTKB7JVwnL18+OWIHJjY6LHno

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe3780061e07c09cc4237ac8589b627_JaffaCakes118

Files

efe3780061e07c09cc4237ac8589b627_JaffaCakes118
.exe windows:4 windows x86 arch:x86

970e54a8b50941c6a91848feb31b4056

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptImportKey
LookupPrivilegeNameA
LookupSecurityDescriptorPartsA
CryptSetProvParam
RegQueryInfoKeyA
CreateServiceA
RegOpenKeyExA
CryptDestroyHash
CryptSetKeyParam
RegCreateKeyW
CryptEnumProvidersW
LookupAccountNameW
RegNotifyChangeKeyValue
GetUserNameW
CryptDuplicateKey
LogonUserW
CryptGenRandom

comdlg32

PrintDlgW
PageSetupDlgW

kernel32

GetCommandLineA
InterlockedDecrement
GlobalHandle
FlushFileBuffers
GetCurrentThreadId
GetModuleFileNameA
GetTickCount
ReadConsoleOutputW
SetConsoleCtrlHandler
RtlUnwind
GetTimeZoneInformation
LoadLibraryA
EnumResourceTypesA
HeapAlloc
GetLocaleInfoW
GetEnvironmentStrings
LCMapStringW
HeapFree
QueryPerformanceCounter
ReadConsoleW
GetCurrentThread
FreeEnvironmentStringsA
LeaveCriticalSection
HeapDestroy
CompareStringA
ReadConsoleInputA
GetProcAddress
InitializeCriticalSection
MapViewOfFileEx
GetVersionExA
EnumSystemLocalesA
GetEnvironmentStringsW
GetThreadContext
CompareStringW
GetLocaleInfoA
VirtualFree
TlsSetValue
IsDebuggerPresent
TlsFree
SetUnhandledExceptionFilter
GetTimeFormatA
VirtualQuery
HeapSize
GetDateFormatA
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleA
SetLastError
OpenFileMappingA
SetHandleCount
FindFirstFileA
EnterCriticalSection
GetStdHandle
HeapReAlloc
HeapCreate
TerminateProcess
GetStringTypeA
LCMapStringA
GetProcessHeap
GetLastError
SetConsoleTitleW
MultiByteToWideChar
SetEnvironmentVariableA
VirtualAlloc
TlsGetValue
IsValidLocale
GetFileType
FreeLibrary
DeleteCriticalSection
IsValidCodePage
Sleep
WideCharToMultiByte
GetACP
GetUserDefaultLCID
TlsAlloc
InterlockedIncrement
GetOEMCP
GetCPInfo
ExitProcess
WriteFile
GetStringTypeW
GetCurrentProcessId
FreeEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
GetStartupInfoA

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

970e54a8b50941c6a91848feb31b4056

Headers

File Characteristics

Imports

advapi32

comdlg32

kernel32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 8KB - Virtual size: 35KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 8KB - Virtual size: 35KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 11KB - Virtual size: 11KB