f5f3dd372ba5a6c76e8dc049ef9cffef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f5f3dd372ba5a6c76e8dc049ef9cffef_JaffaCakes118
Size

620KB
MD5

f5f3dd372ba5a6c76e8dc049ef9cffef
SHA1

9761e46ad9c4231df944090a0ffb03d2acdc16db
SHA256

1108ea717d40c53e3e9fc02209e2a4c7fc11739e7c52a78fd2734fe96cd99738
SHA512

4a35261d3ef0ba6a80e82068a008941d79ca4329ac5751b86327009ba5c6fff9df4306ed5e09bc280222234148d22d5bb89418c2ff60ba4bd6f482893513a4f6
SSDEEP

12288:RjvxLA8+0Zejqudsp3GqiXuP5wJ8JNRgn:lvda0kFsp3GfXpJ8JIn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5f3dd372ba5a6c76e8dc049ef9cffef_JaffaCakes118

Files

f5f3dd372ba5a6c76e8dc049ef9cffef_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a917d16481e5c0e0becf3be326ad53ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
FlushFileBuffers
CreateFileA
FindResourceExA
CreateFileW
GetModuleFileNameW
VirtualQuery
GetExitCodeProcess
GetDiskFreeSpaceExA
HeapLock
WriteProfileSectionW
SetConsoleOutputCP
GetStartupInfoW
FlushViewOfFile
HeapFree
GetSystemTimeAsFileTime
GetLastError
GetConsoleScreenBufferInfo
GetCPInfo
SetHandleCount
GetStdHandle
GetProfileSectionA
SetLastError
EnumSystemLocalesA
GetCalendarInfoA
TlsSetValue
GetCommandLineW
LocalLock
GetACP
UnhandledExceptionFilter
HeapReAlloc
GetCommandLineA
SetLocaleInfoW
HeapCreate
GetTimeZoneInformation
GetModuleFileNameA
CreateThread
GetUserDefaultLCID
SetConsoleScreenBufferSize
FileTimeToDosDateTime
RtlUnwind
IsValidLocale
GlobalFindAtomA
ExitProcess
FreeEnvironmentStringsA
EnumTimeFormatsA
ReadConsoleOutputW
MoveFileA
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualProtect
CreateMutexA
GlobalAlloc
GetFileType
CommConfigDialogW
GetNamedPipeHandleStateW
WritePrivateProfileSectionA
SetEnvironmentVariableA
QueryPerformanceCounter
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
LoadLibraryA
GetCurrentProcess
IsValidCodePage
GetCompressedFileSizeW
GetThreadLocale
HeapSize
GetTempPathA
CompareStringW
LeaveCriticalSection
WriteFile
GetLongPathNameW
GetCurrentThreadId
GetSystemInfo
GetPrivateProfileStructA
CommConfigDialogA
InterlockedExchangeAdd
GetProcAddress
DuplicateHandle
TlsFree
GetEnvironmentStrings
GetDateFormatA
GetShortPathNameA
LCMapStringA
GetModuleHandleW
MultiByteToWideChar
GetSystemDirectoryA
OpenMutexA
GetLocaleInfoA
GetDriveTypeA
GetPrivateProfileStringA
IsBadWritePtr
GetOEMCP
GetVersionExA
GetStartupInfoA
LCMapStringW
GetSystemTimeAdjustment
TlsGetValue
GetLogicalDriveStringsA
GetStringTypeW
WriteConsoleInputA
CompareStringA
VirtualFree
DeleteFileW
GetTickCount
GetTimeFormatA
VirtualAlloc
EnterCriticalSection
InitializeCriticalSection
lstrlenA
GetCurrentThread
HeapAlloc
ReadFile
ReadConsoleOutputAttribute
TlsAlloc
CloseHandle
InterlockedExchange
TerminateProcess
HeapDestroy
InterlockedCompareExchange
WideCharToMultiByte
SetStdHandle
UnmapViewOfFile
DeleteCriticalSection
GetStringTypeA
GetCurrentProcessId
lstrcpyW
SetFilePointer
AddAtomA
GetModuleHandleA

comctl32

ImageList_SetFilter
ImageList_BeginDrag
ImageList_Destroy
InitCommonControlsEx
ImageList_LoadImageW
GetEffectiveClientRect
ImageList_DragMove
ImageList_SetImageCount
ImageList_SetFlags
ImageList_SetDragCursorImage
_TrackMouseEvent
ImageList_Create
ImageList_LoadImage
ImageList_SetOverlayImage
ImageList_Add
ImageList_GetImageCount
DrawInsert

advapi32

CryptGenRandom
DuplicateTokenEx
CryptDestroyKey
RegEnumKeyW
CryptSetProviderA
RegDeleteKeyA
CryptGetDefaultProviderA
RegEnumKeyA

shell32

SHInvokePrinterCommandW
SHGetPathFromIDListW
ShellExecuteEx
SHBrowseForFolder

user32

GetClipboardFormatNameW
OemToCharW
ToUnicode
WINNLSGetIMEHotkey
LoadMenuIndirectA
RegisterClassExA
GetDialogBaseUnits
DlgDirListComboBoxW
UnionRect
IsDlgButtonChecked
SystemParametersInfoA
GetClassInfoW
EnumDisplaySettingsA
LookupIconIdFromDirectoryEx
RegisterClassA
DispatchMessageW
GetProcessWindowStation

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a917d16481e5c0e0becf3be326ad53ba

Headers

File Characteristics

Imports

kernel32

comctl32

advapi32

shell32

user32

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 260KB - Virtual size: 256KB

.data Size: 112KB - Virtual size: 143KB

.rsrc Size: 64KB - Virtual size: 62KB

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 260KB - Virtual size: 256KB

.data
Size: 112KB - Virtual size: 143KB

.rsrc
Size: 64KB - Virtual size: 62KB