00442a088456ce18a43187605557b3d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00442a088456ce18a43187605557b3d1_JaffaCakes118
Size

344KB
MD5

00442a088456ce18a43187605557b3d1
SHA1

d02f19accf695508bc31a650539934d8ea46fb15
SHA256

d8ee200589d8e7d72878ea79bcfc9d18ee52569c046df74fa0dfe7e33d9ec422
SHA512

62d65da6e38ceae67845d44fe979941049d54075ca16ff0ed6b6db3379ccc30df55da5a4a2926e52147a48f0c11c2283fc1ee06864e8605bf31fb77b766656a7
SSDEEP

6144:V6DdOsqgCFKNnhMA6GOopUtQ9KIwD13KJ181KUO:sZOsSwhCGbWWu13E0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
00442a088456ce18a43187605557b3d1_JaffaCakes118

Files

00442a088456ce18a43187605557b3d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e485f70e75206becf354a5ccc900c7ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wet ertyyyyhj yu 5 ujy5_x.pdb

Imports

user32

GetProcessWindowStation
CreateMDIWindowW

clusapi

OfflineClusterResource

shell32

SHQueryRecycleBinW

mprapi

MprAdminServerGetInfo
MprAdminMIBEntrySet

kernel32

CompareStringW
SetEnvironmentVariableA
EnterCriticalSection
CompareStringA
GetLocaleInfoW
ReadFile
GetTimeZoneInformation
VirtualQuery
EnumDateFormatsExA
LocalFlags
MoveFileWithProgressW
GetCurrentThread
GetThreadPriority
GetTickCount
ExpandEnvironmentStringsA
MoveFileA
CloseHandle
LocalSize
GlobalFlags
WriteConsoleInputW
CreateFileW
MoveFileWithProgressA
WaitForMultipleObjectsEx
IsBadHugeReadPtr
GetStringTypeExA
SetComputerNameExA
IsWow64Process
GetStringTypeA
GetCPInfoExA
GetNamedPipeHandleStateW
GetCalendarInfoW
FileTimeToDosDateTime
GetProcessTimes
GetThreadPriorityBoost
FindActCtxSectionGuid
WriteFile
EnumCalendarInfoA
lstrcmpA
GetConsoleCP
GetCalendarInfoA
InterlockedPushEntrySList
InterlockedIncrement
EnumSystemLocalesA
GetLocaleInfoA
GetVolumeNameForVolumeMountPointA
GetShortPathNameW
GetProfileSectionA
LocalAlloc
LocalFree
GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
RaiseException
GetCommandLineA
GetVersionExA
GetStartupInfoA
WideCharToMultiByte
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
SetUnhandledExceptionFilter
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
GetCPInfo
GetACP
GetOEMCP
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
InitializeCriticalSection
GetModuleHandleW
HeapAlloc
RtlUnwind
SetConsoleCtrlHandler
Sleep
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
CreateFileA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
VirtualProtect
GetSystemInfo

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

~f6c:D
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

B;z^#
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e485f70e75206becf354a5ccc900c7ba

Headers

File Characteristics

PDB Paths

Imports

user32

clusapi

shell32

mprapi

kernel32

Sections

.text Size: 156KB - Virtual size: 154KB

~f6c:D Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 12KB

.erloc Size: 64KB - Virtual size: 61KB

B;z^# Size: 40KB - Virtual size: 36KB

.rsrc Size: 44KB - Virtual size: 246KB

.text
Size: 156KB - Virtual size: 154KB

~f6c:D
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 12KB

.erloc
Size: 64KB - Virtual size: 61KB

B;z^#
Size: 40KB - Virtual size: 36KB

.rsrc
Size: 44KB - Virtual size: 246KB