f5c4ae4a40732e73cabc455678b29b94_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f5c4ae4a40732e73cabc455678b29b94_JaffaCakes118
Size

4.7MB
MD5

f5c4ae4a40732e73cabc455678b29b94
SHA1

16a65b6a1481de33f32acacb019b8298b9d7f173
SHA256

e476c49a5b5f7d3d83689324425babec41b24d1aaa557ab3bec48257dfb2d1b8
SHA512

260a23ea32b03f51f2c7649696e954c7aa77c39c7e4c1f4de6bdc7e1b3cbe9f8328cbe5ed5d91b36a458692d1721062a162bb9217b1a59b4fe2ea54767d77f08
SSDEEP

98304:ZQ49EU7bYkkwDwCFlqL+0P02fYjCHoOkAAGuvF1LniE++ZLZyFupHpJ:Zes3kBfYeIO4f9wupHb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5c4ae4a40732e73cabc455678b29b94_JaffaCakes118

Files

f5c4ae4a40732e73cabc455678b29b94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d3eec866c4703d6d235d4ab6a938b1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetFileAttributesExA
WriteConsoleA
HeapSize
CreateFileA
HeapDestroy
GlobalGetAtomNameA
SetFileAttributesA
SetCommState
SetFilePointer
GetSystemTime
SetVDMCurrentDirectories
RegisterWaitForSingleObject
GetNamedPipeHandleStateA
UnregisterWait
IsValidCodePage
SetSystemTime
GlobalHandle
LocalCompact
GetCommandLineA
DeleteFileA
EnumSystemLanguageGroupsA
GetDiskFreeSpaceExA
ReadConsoleA
GetThreadPriority
GlobalFree
SetFileValidData
SetThreadContext
GetCPInfo
CloseHandle
IsBadStringPtrA
GetTimeFormatA
GetSystemTimes
SetConsoleHardwareState
FreeEnvironmentStringsA
GetThreadTimes
FindResourceExA
SetLocaleInfoA
OpenSemaphoreA
EnumResourceTypesA
lstrcatA
PeekConsoleInputA
EndUpdateResourceA
GetConsoleTitleA
GetUserGeoID
IsDebuggerPresent
OpenJobObjectA
VirtualFreeEx
GetVolumePathNameA
GetLogicalDriveStringsA
OpenWaitableTimerA
LZInit
GetLongPathNameA
WaitForMultipleObjectsEx
CallNamedPipeA
GetConsoleAliasExesW
SetThreadIdealProcessor
GetDateFormatA
GetConsoleAliasesA
AddConsoleAliasA
GetProfileStringA
GetWindowsDirectoryA
GetCommModemStatus
SuspendThread
EnumSystemLocalesA
GetVersionExA
CompareStringA
ProcessIdToSessionId
DeleteTimerQueueEx
HeapReAlloc
WriteConsoleOutputA
GetProfileSectionA
MapViewOfFileEx
ReadConsoleA
CreateTimerQueue
EndUpdateResourceA
GetCurrencyFormatA
UnlockFile
GetLocalTime
GetDllDirectoryA
GetModuleFileNameA
GetProcessAffinityMask
GetConsoleTitleA
GetTapePosition
GlobalWire
CreateFileMappingA
BuildCommDCBAndTimeoutsW
FindFirstChangeNotificationA
GetLogicalDrives
CreateDirectoryExA
OpenMutexA
CreateEventA
UnlockFileEx
GetCommTimeouts
WriteConsoleInputA
GetAtomNameA
LoadLibraryExW
FlushConsoleInputBuffer
GetThreadSelectorEntry
SystemTimeToFileTime
WriteConsoleInputA
GetFileTime
GetFileSizeEx
LZStart
LocalShrink
WinExec
OutputDebugStringA
GetNumberOfConsoleFonts
RequestDeviceWakeup
GetDriveTypeA
CreateSocketHandle
SetUnhandledExceptionFilter
ClearCommError
SetConsoleDisplayMode
SetLastConsoleEventActive
QueueUserAPC
GetModuleHandleA
CreateMutexA
AddConsoleAliasA
SetInformationJobObject
DeleteTimerQueueTimer
GetEnvironmentVariableA
CopyFileExW
OpenFileMappingA
SearchPathA
SetDllDirectoryA
GetSystemPowerStatus
FindFirstVolumeMountPointA
GetFileAttributesExA
MoveFileWithProgressA
SetFileShortNameA
LockResource
Process32Next
CreateNamedPipeA
lstrcpyn
IsValidLocale
SetWaitableTimer
SetFilePointerEx
GetSystemInfo
FindNextVolumeMountPointA
VirtualAllocEx
ChangeTimerQueueTimer
GetModuleFileNameA
GetConsoleWindow
DeleteTimerQueue
TerminateThread
SetConsoleTextAttribute
CreateWaitableTimerA
GetConsoleCommandHistoryLengthW
DeleteFileA
SetUserGeoID
GetConsoleInputExeNameA
CreateFileMappingA
SetVolumeLabelA
GlobalCompact
Sleep
GetFullPathNameA
GetDefaultCommConfigA
GetCurrentProcessId
GetComputerNameA
GetModuleFileNameA
GetCurrentProcessId
LCMapStringA
ExitVDM
GetConsoleAliasesLengthA
FindFirstFileExA
ExpungeConsoleCommandHistoryA
_lread
RemoveDirectoryA
WaitForSingleObject
ReadConsoleOutputA
DeleteAtom
ReadConsoleOutputAttribute
GetConsoleMode
SetLocalPrimaryComputerNameA
SystemTimeToTzSpecificLocalTime
LocalFlags
QueryInformationJobObject
IsWow64Process
GetConsoleTitleA
lstrcmpA
ResetEvent
LoadLibraryA
GetProcessWorkingSetSize
GetFileInformationByHandle
BeginUpdateResourceA
WriteConsoleOutputCharacterA
_llseek
GetProcessAffinityMask
LoadLibraryExA
OpenEventA
GetCurrentThreadId
FindResourceA
DebugBreak
SetConsoleFont
SetFilePointer
GlobalCompact
GetConsoleCursorInfo
SetThreadLocale
WriteConsoleOutputCharacterW
GetNamedPipeInfo
EnumResourceNamesA
GetDefaultCommConfigA
GetStringTypeExW
GetProcessHeaps
SetConsoleCursorInfo
SetConsoleTitleA
GetTempFileNameA
SetHandleInformation
ReadConsoleInputA
OpenThread
SetErrorMode
GetCommMask
HeapSize
IsDebuggerPresent
FindVolumeMountPointClose
GetUserDefaultLangID
lstrcpyA
MoveFileA
lstrcpy
LocalAlloc
GetModuleFileNameW
GetLocaleInfoA
FindFirstVolumeMountPointW
HeapSize
GetDllDirectoryA
WaitNamedPipeA
DuplicateConsoleHandle
GetConsoleSelectionInfo
EndUpdateResourceA
LockFile
IsProcessorFeaturePresent
SetPriorityClass
CancelWaitableTimer
ReadConsoleOutputCharacterA
DuplicateHandle
WriteProfileStringA
PurgeComm
GetDevicePowerState
GetSystemTimeAsFileTime
ExpungeConsoleCommandHistoryA
SetDefaultCommConfigA
RemoveDirectoryA
VirtualAlloc
FlushViewOfFile
FindFirstVolumeMountPointW
GetUserDefaultLCID
FindResourceExW
GetSystemTimes
ReadConsoleOutputCharacterA
GetProcessVersion
GetTickCount
GetShortPathNameA
GetLogicalDriveStringsA
GetVersionExA
GetSystemTimeAsFileTime
_llseek
GetDevicePowerState
HeapValidate
TransmitCommChar
GetConsoleCharType
UnlockFile
Toolhelp32ReadProcessMemory
GetProfileIntA
GetThreadTimes
GetProcessIoCounters
PurgeComm
ProcessIdToSessionId
GetComputerNameExA
GetVolumePathNamesForVolumeNameA
GlobalDeleteAtom
QueryDosDeviceA
GlobalUnWire
HeapCompact
GetDiskFreeSpaceA
ReadFile
OpenFileMappingA
GetPrivateProfileStringA
IsBadReadPtr
ConnectNamedPipe
GlobalAddAtomA
WriteProfileSectionA
TransmitCommChar
SetCommTimeouts
EndUpdateResourceA
ClearCommBreak

hid

HidP_GetUsageValue

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.4MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d3eec866c4703d6d235d4ab6a938b1a

Headers

File Characteristics

Imports

kernel32

hid

Sections

.text Size: 130KB - Virtual size: 130KB

.data Size: 1024B - Virtual size: 600B

.xdata Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 2.4MB - Virtual size: 5.7MB

.idata Size: 7KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 130KB - Virtual size: 130KB

.data
Size: 1024B - Virtual size: 600B

.xdata
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 2.4MB - Virtual size: 5.7MB

.idata
Size: 7KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 17KB