Static task: static1
Behavioral task: behavioral1
Sample: f01a5a83160cd05130cc4bae0da9c5c5_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f01a5a83160cd05130cc4bae0da9c5c5_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: f01a5a83160cd05130cc4bae0da9c5c5_JaffaCakes118
Size: 5.7MB
MD5: f01a5a83160cd05130cc4bae0da9c5c5
SHA1: be836a72e453c4c745aa2647b15ae6aa008c7000
SHA256: fa9be0eb937fd64fe63bd0b7548181091a0c8fb506d32c07ad9eb42f579b0cc6
SHA512: 42694f6a1c43a2d237eabbfe889a9ee7a34467b2277da8f3e3c937f38cf1023374d9b03b9eb04e7f8923915a2f6c69359437bfa548a0d0f21cabe95acb1ac311
SSDEEP: 98304:MBi2X0Db1RsRfwGzZRpUGcLTaXdKJ8bZbybpETZrVv6VuhTDXzSTrI8ipsxpGRu7:MBrXG1RS1M3L2nZ8Y9t6VuhrzFHGIu
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: f01a5a83160cd05130cc4bae0da9c5c5_JaffaCakes118
Files
f01a5a83160cd05130cc4bae0da9c5c5_JaffaCakes118.exe windows:4 windows x86 arch:x86
e3c7336413d466d64b51b0d36efaf826
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32: ExtTextOutW, ArcTo
advapi32: CryptGetHashParam, SetNamedSecurityInfoA, AbortSystemShutdownW, GetTokenInformation, MakeSelfRelativeSD, GetSidIdentifierAuthority, RegisterEventSourceA, GetAclInformation, CloseEventLog, ClearEventLogW, GetFileSecurityW, LookupPrivilegeValueW, CryptGenRandom, RegisterServiceCtrlHandlerW
kernel32: ExitProcess, EnumSystemCodePagesA, GetDiskFreeSpaceExA, GetThreadPriority, GetDriveTypeW, LoadLibraryExW, GetTapeStatus, ScrollConsoleScreenBufferA, IsBadReadPtr, GetCurrentProcess, FreeLibraryAndExitThread, DebugBreak, VirtualProtect, CompareStringA, SetNamedPipeHandleState, VirtualUnlock, WriteFile, GlobalUnlock, SetTimeZoneInformation, VirtualLock, GenerateConsoleCtrlEvent, FreeEnvironmentStringsA, RaiseException, WritePrivateProfileStringW, SetEnvironmentVariableW, GetFileType, ReadFileScatter, GetSystemTimeAsFileTime, SizeofResource, FreeLibrary, GetHandleInformation, TryEnterCriticalSection
ws2_32: shutdown, WSASendDisconnect, WSAEnumNameSpaceProvidersA, WSAGetServiceClassNameByClassIdW, WSAAddressToStringW, WSAEnumProtocolsW, WSALookupServiceEnd, WSAConnect
user32: EnumDisplayDevicesW, DefWindowProcA, CheckMenuItem, CreateDialogIndirectParamA, SystemParametersInfoA, EnumChildWindows, RegisterHotKey, ChildWindowFromPoint
version: VerQueryValueA
msvcrt: _wmakepath, _strupr, _cwait, swscanf, abort, _strnicoll, _locking, strspn, _mbscat, vswprintf, _mbstrlen, _access, getenv, _ui64tow, iswctype, asctime, _pctype, _spawnv, setlocale, strncat, _tempnam, _mbctoupper, setvbuf
Sections
.text Size: 2KB - Virtual size: 223KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.4MB - Virtual size: 5.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ