f3cb16d5fdc0c19bdcbe9f8e4e5c1f9e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f3cb16d5fdc0c19bdcbe9f8e4e5c1f9e_JaffaCakes118
Size

231KB
MD5

f3cb16d5fdc0c19bdcbe9f8e4e5c1f9e
SHA1

9222c0f2c47235ad5d791f998959cfd648decc0a
SHA256

cb23228372981e3fd5573604dd0c760b7f1f3c063dcc2370a45787febfadcfa0
SHA512

b00afbd0ad506b2dfae467a3fea56feb6e1b438255677106bbadc8eaa292cb506b5c94ba302ffcdc996c17732c05b10e859d280c82d30333a4a74d04f5fbde01
SSDEEP

6144:RnxMjeILZGhLlI9ecog9Jo2YwDqNfijXI:RAeIs1lLsXqRwXI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3cb16d5fdc0c19bdcbe9f8e4e5c1f9e_JaffaCakes118

Files

f3cb16d5fdc0c19bdcbe9f8e4e5c1f9e_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2642ae4baaabbb804edd2fa6c1f95e0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
CreateFileW
CompareStringOrdinal
IsWow64Process
SetFileAttributesW
GetFileAttributesW
DeleteFileW
GetCurrentProcess
Sleep
FindFirstFileW
CloseHandle
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetDiskFreeSpaceExW
GetFileInformationByHandle
SetLastError
GetVolumeInformationByHandleW
GetCurrentDirectoryW
DecodePointer
GetVolumePathNameW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
GetSystemDirectoryW
MoveFileExW
ReplaceFileW
VerifyVersionInfoW
VerSetConditionMask
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetFileInformationByHandleEx
LoadLibraryA
GetProcAddress
TlsFree
TlsAlloc
TlsGetValue
TlsSetValue
SetUnhandledExceptionFilter
GetFileType
UnhandledExceptionFilter
FindFirstFileA
FindNextFileA
GetModuleHandleA
WriteFile
VirtualAlloc
GetModuleFileNameA
GetFileAttributesA
CreateFileA
GetFileSize
SystemTimeToTzSpecificLocalTime
ExitProcess
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc
CoResumeClassObjects

advapi32

RegEnumKeyExW
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
InitializeAcl
SetNamedSecurityInfoW

shell32

SHChangeNotify
SHGetDataFromIDListW
SHBindToParent
SHParseDisplayName
ord709
SHFileOperationW
SHGetKnownFolderPath
ord526

shlwapi

PathIsDirectoryW
PathIsPrefixW

ntdll

NtQueryDirectoryFile
RtlNtStatusToDosError

gdi32

StartPage
ModifyWorldTransform
EndDoc
EndPage
GetPolyFillMode

user32

BeginPaint
EndPaint
CopyRect
UnpackDDElParam
ReuseDDElParam

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2642ae4baaabbb804edd2fa6c1f95e0a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

advapi32

shell32

shlwapi

ntdll

gdi32

user32

Sections

.text Size: 171KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 42KB - Virtual size: 42KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 171KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 42KB - Virtual size: 42KB

.reloc
Size: 6KB - Virtual size: 5KB