Static task
static1
Behavioral task
behavioral1
Sample
fbe68bdc58bee1630c56ab350be5c97b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
fbe68bdc58bee1630c56ab350be5c97b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
fbe68bdc58bee1630c56ab350be5c97b_JaffaCakes118
Size
1.1MB
MD5
fbe68bdc58bee1630c56ab350be5c97b
SHA1
8fd6a623530d6718bc051fb87c6379739be0c2f6
SHA256
a05673138507e8f29580c5becab611b896bb45969b368862824c799cb5a5923d
SHA512
966a1d61ea6ddb1fb6e30bd34b267af3791a3735b25c4ff857551655b691706a5b116c67ca9a552bc587eed079419cb5bb269c3c9498c87a115f6ded6616b483
SSDEEP
24576:vYbfY8N4K+zfD9RJmKu6/jmTQmNyRdj4ZUX:wDJ+bZPgTQm+K
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource fbe68bdc58bee1630c56ab350be5c97b_JaffaCakes118
Files
fbe68bdc58bee1630c56ab350be5c97b_JaffaCakes118.exe windows:5 windows x86 arch:x86
df43643fc6c43a27fb90e63a19f435a7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
GetStringTypeW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW
GetCommandLineW
GetModuleHandleW
GetSystemInfo
CloseHandle
GetFileSize
GetLastError
GetCurrentThreadId
VirtualAlloc
GetProcAddress
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
WriteConsoleW
user32
GetMonitorInfoW
GetIconInfo
DrawIconEx
DrawFocusRect
GetCursorPos
GetWindowTextLengthW
CreateMenu
GetMenuState
SetTimer
CharUpperW
GetDialogBaseUnits
GetDlgCtrlID
CheckRadioButton
BringWindowToTop
GetClassInfoExW
CallWindowProcW
DefWindowProcW
RegisterWindowMessageW
crypt32
CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CryptProtectData
CryptQueryObject
CertGetNameStringW
CertNameToStrW
CryptHashPublicKeyInfo
CryptExportPKCS8
CertVerifyTimeValidity
CryptHashCertificate
CertGetEnhancedKeyUsage
CertControlStore
CertFreeCTLContext
CertAddCertificateContextToStore
CertFreeCRLContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptEncodeObjectEx
CryptEncodeObject
CryptMsgOpenToDecode
advapi32
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
Sections
.text Size: 62KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 419KB - Virtual size: 419KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 217KB - Virtual size: 6.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.dyc4w3 Size: 434KB - Virtual size: 437KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ