f6122f2221b0d59b19dff1e45e4874c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6122f2221b0d59b19dff1e45e4874c4_JaffaCakes118
Size

120KB
MD5

f6122f2221b0d59b19dff1e45e4874c4
SHA1

29d9d5fc06d59654435122fbc2f409254c9d766c
SHA256

03ddf1879ede29ea8359fa90cd20700fe022cc1c32ecff6a8db98067a163e90d
SHA512

720d2332a1371245c835856e67675ffef7bd6da18c2a7ca87e0a8e26a054b11a64bd7c280cd20aed84be1d2b7ec5386a09a11568052468ccfffd7f06c4b9a910
SSDEEP

1536:6CXlUhOeDlTqtU32QJhtr+JsObc6I3o2SPJd6d5bMKPoy:6CfeDlNtJnosOYB3oZPJd6TIy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6122f2221b0d59b19dff1e45e4874c4_JaffaCakes118

Files

f6122f2221b0d59b19dff1e45e4874c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ebfa010ebc1550071e319c44e4a9f7f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
OpenProcess
GetWindowsDirectoryA
ExitProcess
ResumeThread
GetShortPathNameA
GetEnvironmentVariableA
CopyFileA
Thread32Next
OpenThread
Thread32First
SizeofResource
LockResource
LoadResource
FindResourceA
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetTempFileNameA
GetTempPathA
GetStartupInfoA
CreateProcessA
lstrcpyA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentProcess
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
DeviceIoControl
QueryDosDeviceA
CreateFileA
WriteFile
CloseHandle
GetLastError
GetSystemDirectoryA
LoadLibraryExA
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

wsprintfA
CharUpperA

advapi32

CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
StartServiceA
RegCreateKeyA
RegSetValueExA
RegCloseKey
CryptAcquireContextA
RegOpenKeyExA
CryptCreateHash

shell32

SHGetFolderPathA

msvcrt

_exit
_strcmpi
_controlfp
strncpy
strstr
sprintf
_except_handler3
strchr
wcslen
strrchr
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_stricmp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ebfa010ebc1550071e319c44e4a9f7f6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 12KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 96KB - Virtual size: 94KB

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 96KB - Virtual size: 94KB