f51ae93cf02261a0fdacbbc16bc5af1d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f51ae93cf02261a0fdacbbc16bc5af1d_JaffaCakes118
Size

284KB
MD5

f51ae93cf02261a0fdacbbc16bc5af1d
SHA1

120106c2f59ce58d9f2521a92eab86a2c01ee035
SHA256

276984f650824a0cf8e218018226d24b094ee5439c2cf750ba364ecb0aafb104
SHA512

c9595141c23388141f3d366efd652e693c9253867189ac57a924b078f5c03211f1799de13cde19f5d07bcc6cb44d79f17eedffaa4d5ff05eb523ad2eb169ca0c
SSDEEP

3072:/RJFFOgf+D681uroBqLqzdSd3NPMe0di3HBqdIhVHAo38P5tzefTszZI+3/4ZZaZ:hFOgO7KqQPMe6i3odIhFz8BDI+/9aW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f51ae93cf02261a0fdacbbc16bc5af1d_JaffaCakes118

Files

f51ae93cf02261a0fdacbbc16bc5af1d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

532ded5f47a51140f595a9fd20180a30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
GetLastError
SizeofResource
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
SetEvent
LoadResource
LoadLibraryExA
InterlockedDecrement
WaitForSingleObject
CreateThread
CreateEventA
InterlockedIncrement
Sleep
GetCurrentThreadId
GetCommandLineA
HeapDestroy
GetProcAddress
CloseHandle
DeleteCriticalSection
lstrcatA
GetSystemDefaultLCID
LocalFree
FormatMessageA
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetLocalTime
GetCurrentProcessId
FreeResource
LockResource
GetACP
GetLocaleInfoA
GlobalDeleteAtom
GlobalAddAtomA
SetLastError
GetComputerNameA
GetCurrentThread
FreeLibrary
WideCharToMultiByte
GetModuleHandleA
InitializeCriticalSection
GetModuleFileNameA
MultiByteToWideChar
GetShortPathNameA
lstrlenA
LoadLibraryA
lstrcpyA
EnterCriticalSection
HeapCreate
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
CreateFileA
GetStringTypeW
GetStringTypeA
SetFilePointer
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
LeaveCriticalSection
lstrlenW
WriteFile
FlushFileBuffers
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
HeapSize
IsBadWritePtr
VirtualAlloc
VirtualFree
GetVersionExA
GetEnvironmentVariableA
GetVersion
GetStartupInfoA
GetCurrentProcess
TerminateProcess
ExitProcess
GetSystemTime
GetTimeZoneInformation
RtlUnwind
RaiseException

user32

TranslateMessage
GetMessageA
LoadStringA
RegisterWindowMessageA
OpenDesktopA
SetProcessWindowStation
SetThreadDesktop
GetThreadDesktop
GetProcessWindowStation
OpenWindowStationA
DefWindowProcA
GetWindowLongA
RegisterClassExA
CreateWindowExA
GetDesktopWindow
SetWindowLongA
CharNextA
PostThreadMessageA
DispatchMessageA
IsWindow
wsprintfA
SendMessageA
CloseWindowStation
CloseDesktop
CharUpperA

advapi32

RegQueryValueExA
GetTokenInformation
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
OpenThreadToken

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
CoSuspendClassObjects
CoInitializeSecurity
CoUninitialize
CoResumeClassObjects
CoRevokeClassObject
CoInitializeEx
CoRegisterClassObject
CoSetProxyBlanket
CoImpersonateClient
CoRevertToSelf

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
SafeArrayGetElement
SysStringLen
SafeArrayCreate
SafeArrayDestroy
RegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString
VariantInit
SafeArrayPutElement

secur32

GetUserNameExA

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cjtn
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ordata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

532ded5f47a51140f595a9fd20180a30

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

secur32

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 28KB - Virtual size: 34KB

.tls Size: 4KB - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 14KB

.cjtn Size: 40KB - Virtual size: 37KB

.ordata Size: 28KB - Virtual size: 28KB

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 28KB - Virtual size: 34KB

.tls
Size: 4KB - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 14KB

.cjtn
Size: 40KB - Virtual size: 37KB

.ordata
Size: 28KB - Virtual size: 28KB