006c79d32e74b4395decf819d5a03bd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

006c79d32e74b4395decf819d5a03bd0_JaffaCakes118
Size

18KB
MD5

006c79d32e74b4395decf819d5a03bd0
SHA1

4592d609f861c1a527091af2ac7b2a1738634a76
SHA256

b4a67d82a9276011e2a3c85e05d5fbb46eb270b909ad83f18fd1fa2eee3dd9ff
SHA512

d0868f3be2120063c509de944ccde78f83e9a4ef760b14a066952ee2199f0460396f61c782880d50b1ad5fa4d4baf6405cb362c4dbfb7f548cf5a70182f958eb
SSDEEP

192:3kcZBMzrwW/fLeDJGaI0wJyCqpv9kMf/v4vLtaJMmmA2DaM:3jZBMggeDI3K9ko4vLtgXODN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
006c79d32e74b4395decf819d5a03bd0_JaffaCakes118

Files

006c79d32e74b4395decf819d5a03bd0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

535400d39d6c0517d2e55c8686aa4121

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetCommandLineA
MapViewOfFile
InterlockedExchange
LocalFree
GetThreadLocale
GetStartupInfoA
GetStringTypeA
GetFileSize
SearchPathW
GetFileSizeEx
GetStringTypeW
GetShortPathNameW
ReleaseSemaphore
HeapReAlloc
SetConsoleWindowInfo
SearchPathA
GetLongPathNameW
RaiseException
FreeLibrary
TermsrvAppInstallMode
SetFilePointer
GetDiskFreeSpaceW
FormatMessageA
GetTempPathW
CloseHandle
ReadFile
DeviceIoControl
LoadLibraryExA
WriteFile
ExitProcess
HeapFree
CompareFileTime
GlobalWire
CreateFileA
CreateFileW
LCMapStringA
DuplicateHandle
SetInformationJobObject
GlobalMemoryStatusEx
GetLogicalDriveStringsA
HeapAlloc
CreateFileMappingA
GetProcessHeap
LCMapStringW
CreateProcessA
GetProcAddress
GetTempFileNameW
OpenThread
FreeEnvironmentStringsW
GetCurrentProcessId
SetLastError

ole32

CreateDataAdviseHolder
CoQueryClientBlanket
OleBuildVersion
CoLockObjectExternal

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHFileOperationA
SHGetMalloc

advapi32

RegDeleteKeyA
RegSetValueExA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rxdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 139KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

535400d39d6c0517d2e55c8686aa4121

Headers

File Characteristics

Imports

kernel32

ole32

shell32

advapi32

version

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 117KB

.rxdata Size: 3KB - Virtual size: 3KB

.pdata Size: 139KB - Virtual size: 251KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 117KB

.rxdata
Size: 3KB - Virtual size: 3KB

.pdata
Size: 139KB - Virtual size: 251KB