f711c7cecde04a6e532f1b83ac85a454_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f711c7cecde04a6e532f1b83ac85a454_JaffaCakes118
Size

235KB
MD5

f711c7cecde04a6e532f1b83ac85a454
SHA1

2b9d8b9bf157ab4c98faaadad0859fa17bb7c1df
SHA256

1cae867bba1cd12967dd2a12266e744e8db41aae18ecda5d03fdefb004f45000
SHA512

d13be5bcc092f38086714ae9ecee3a12dd2a027e1f2fe858ae4c156e5b24cd6cf0849c93830f0aada52d8edcb4a8ce4713dbac0b8f2e5a10aa90d9f87a18c56b
SSDEEP

3072:muXoYR0toWmhWGobiTH+h/jFIIgU2dTccSfUNHFE2RhhNUWfiqBOnDt:ppBloq+9FIrZrScBRhPUET0p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f711c7cecde04a6e532f1b83ac85a454_JaffaCakes118

Files

f711c7cecde04a6e532f1b83ac85a454_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f72a4d96274e1adc635560e2adc59b22

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetCurrentProcess
GetModuleFileNameA
SetFileTime
GetFileTime
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
SetEndOfFile
WriteFile
DuplicateHandle
MoveFileExA
GetCurrentProcessId
CopyFileA
GetTempFileNameA
GetTempPathA
DeleteFileA
WaitForSingleObject
lstrlenA
GetSystemDirectoryA
GetLocalTime
FreeLibrary
VirtualFree
VirtualAlloc
GetProcAddress
LoadLibraryA
ReadFile
GetStringTypeW
GetStringTypeA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetStdHandle
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
Sleep
HeapSize
MultiByteToWideChar
GetLocaleInfoA
HeapReAlloc
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
LCMapStringA
LCMapStringW

user32

wsprintfA

shlwapi

PathStripPathA

psapi

GetModuleInformation

Exports

Exports

AutoDel
Port
dllName
szIP
vPasswd

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f72a4d96274e1adc635560e2adc59b22

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

psapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 164KB - Virtual size: 160KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 164KB - Virtual size: 160KB