Static task
static1
Behavioral task
behavioral1
Sample
fe727e34021a97145e0e6aa132cdd67b_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
fe727e34021a97145e0e6aa132cdd67b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
fe727e34021a97145e0e6aa132cdd67b_JaffaCakes118
Size
953KB
MD5
fe727e34021a97145e0e6aa132cdd67b
SHA1
d939e875e36dc08b9686d019480f341020af7bba
SHA256
59fc90bb4b46dc2a9e14008abb978e3c20971c6a9e1ba8b1d31e69e9104eceda
SHA512
09699d49ecf25cdd41aab1c85c2feda9b7e3fe1b834e9c1d38393c78c8694e09fefe3bbde90c282b5e93b71442e8ead2071958f7392b2373a0fc6084e75ad61d
SSDEEP
24576:j11ZFeE3HHL4ROrNKMNVc5mSJ0nFhgAostzT:p1ZAE3nL4RmpN61YhgAoS
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource fe727e34021a97145e0e6aa132cdd67b_JaffaCakes118
Files
fe727e34021a97145e0e6aa132cdd67b_JaffaCakes118.exe windows:5 windows x86 arch:x86
a8fbbba76a2e53f41e062a02a7fcbd2a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
psapi
EnumDeviceDrivers
GetProcessImageFileNameW
crypt32
CertAddStoreToCollection
CryptStringToBinaryW
CertFreeCertificateChain
CryptEncodeObjectEx
CryptEncodeObject
CryptFindOIDInfo
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertAddEncodedCertificateToStore
CertFreeCTLContext
CertControlStore
CertGetEnhancedKeyUsage
CryptHashCertificate
CertFindExtension
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CryptHashPublicKeyInfo
CertNameToStrW
CertGetCertificateChain
kernel32
SetFilePointerEx
EncodePointer
SetStdHandle
GlobalUnlock
GlobalFree
VirtualAlloc
HeapDestroy
HeapFree
GetCurrentThreadId
GetLastError
InitializeCriticalSection
SetFilePointer
CloseHandle
TlsFree
CreateEventW
GetCommandLineW
FindResourceExW
GetTempPathW
CreateFileW
GetOEMCP
WideCharToMultiByte
CompareStringW
GetThreadLocale
GetUserDefaultLCID
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetLastError
WriteConsoleW
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
HeapReAlloc
HeapSize
LCMapStringW
mpr
WNetOpenEnumW
WNetGetLastErrorW
userenv
LeaveCriticalPolicySection
LoadUserProfileW
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 849KB - Virtual size: 7.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 23KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ