f061d2c59261a3d8163570474249c72a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f061d2c59261a3d8163570474249c72a_JaffaCakes118
Size

444KB
MD5

f061d2c59261a3d8163570474249c72a
SHA1

0e04851b1e328a3ee1d3800032d001ea5b5aaa40
SHA256

15c88150aa18adac4baa06122d4d205b5de27630d070e471561c1e035943ff2d
SHA512

5c5931b516f03d32d90a09d9bba21c886cf32e843dcc75cd88d6d2b8cc4b6f598f703b68e4b7f7a7b1988bd22404c0a855ed2ce719828d4cb0005534659f9cfb
SSDEEP

12288:E4lVnqVUl7ZtmpIqOxZj+7LP22PPGC3SWaC1CYpyf:E9VUlVtVVWP22WCeCQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f061d2c59261a3d8163570474249c72a_JaffaCakes118

Files

f061d2c59261a3d8163570474249c72a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1015b4f28e4cb3e6f4306eb80796751c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
WriteFile
SetFilePointer
GetFileSize
CloseHandle
CreateFileA
GetCurrentProcessId
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
GetVersionExA
WaitForSingleObject
CreateEventA
OpenEventA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
CreateMutexA
Sleep
GetComputerNameA
GetModuleFileNameA
GetSystemDirectoryA
lstrcpynA
lstrcatA
lstrcpyA
InterlockedIncrement
InterlockedDecrement
GetLocaleInfoA
RaiseException
RtlUnwind
ExitProcess
GetStartupInfoA
HeapAlloc
HeapFree
GetCurrentThreadId
HeapReAlloc
LCMapStringA
LCMapStringW
GetTimeFormatA
GetDateFormatA
CompareStringA
CompareStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP
FlushFileBuffers
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
IsBadWritePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
IsBadReadPtr
IsBadCodePtr
GetTimeZoneInformation
SetStdHandle
ReadFile
GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
GetWindowsDirectoryA
DeleteFileA
FormatMessageA
SetLastError
GetModuleHandleA
GetCommandLineA
WritePrivateProfileStringA
LoadLibraryA
GetLastError
GetProcAddress
GetCPInfo
FreeLibrary

user32

PostMessageA
TranslateMessage
GetMessageA
PeekMessageA
DispatchMessageA

winspool.drv

GetPrinterDriverDirectoryA

advapi32

SetSecurityDescriptorDacl
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
SetKernelObjectSecurity
GetSecurityDescriptorDacl
SetSecurityInfo
InitializeAcl
AddAccessAllowedAce
IsValidSid
GetLengthSid
GetAce
AllocateAndInitializeSid
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
FreeSid
RegEnumValueA

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1015b4f28e4cb3e6f4306eb80796751c

Headers

File Characteristics

Imports

kernel32

user32

winspool.drv

advapi32

Sections

.text Size: 272KB - Virtual size: 271KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 272KB - Virtual size: 271KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 76KB - Virtual size: 76KB