01c66a2e90dd46df270ebafc900280d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01c66a2e90dd46df270ebafc900280d9_JaffaCakes118
Size

197KB
MD5

01c66a2e90dd46df270ebafc900280d9
SHA1

b9a32f07ccb8cc48a3de3ea575bbb80b4038e5ab
SHA256

f32c1f3baafeb46bc1a7e71ca199bdff42243f0469812df247b7dd6a23f14278
SHA512

a62af0d82d0f67095d9c63ea6bb5e8bb46340992c05df4b1be6fac655a0bbd7c74f10be3d832e701c88b93540ed2ca58282c49b74f7b4581ac85564fd88cd76c
SSDEEP

6144:gjK1JT6ypqUMyWCkHzkJm981CQqGIz0L0B:gWnTNqJyYHQJR1CQqZ4L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01c66a2e90dd46df270ebafc900280d9_JaffaCakes118

Files

01c66a2e90dd46df270ebafc900280d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

35235b65bd73e77de6dd08d36d8d52f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvfw32

ICInfo

user32

MonitorFromWindow
CharNextA
wsprintfW
CharNextW

advapi32

CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptDestroyHash

kernel32

CreateFiberEx
HeapFree
FindResourceExW
GetSystemDirectoryA
GetTempFileNameW
AreFileApisANSI
GetTempPathW
GlobalAlloc
GlobalLock
CreateFileMappingA
IsDebuggerPresent
GlobalFree
lstrlenA
CopyFileA
GetFileInformationByHandle
GetProcAddress
MoveFileW
UpdateResourceW
DeleteCriticalSection
HeapDestroy
lstrcmpiA
GetCurrentProcessId
GetOEMCP
MultiByteToWideChar
RemoveDirectoryW
EnterCriticalSection
FindNextFileA
GetFileSize
FindNextFileW
QueryPerformanceCounter
EnumResourceNamesW
GetFileAttributesA
HeapAlloc
UnhandledExceptionFilter
FormatMessageW
_lclose
EscapeCommFunction
FindResourceW
_lread
GetACP
RemoveDirectoryA
GetStringTypeExW
FreeResource
WideCharToMultiByte
InitializeCriticalSection
SetUnhandledExceptionFilter
CreateDirectoryW
GetTickCount
EnumResourceNamesA
SetFileAttributesA
GetCurrentThreadId
Sleep
SetFileAttributesW
SetEndOfFile
EnumResourceTypesW
UnmapViewOfFile
GlobalUnlock
DeleteFileA
lstrlenW
HeapSize
CopyFileW
SizeofResource
GetVersionExW
LocalFree
SetFilePointer
_llseek
GetFullPathNameW
LoadLibraryExA
GetLocaleInfoA
InterlockedExchange
MapViewOfFile
LoadResource
DeleteFileW
WriteFile
FatalExit
FindFirstFileA
LoadLibraryExW
HeapReAlloc
GetCommandLineW
ExitProcess
GetFullPathNameA
GetVersion
GetCurrentProcess
LeaveCriticalSection
FindClose
SetLastError
FindFirstFileW
GetLastError
InterlockedIncrement
_lwrite
CreateFileA
CloseHandle
FreeLibrary
InterlockedCompareExchange
EndUpdateResourceW
BeginUpdateResourceW
GetCurrentDirectoryW
ReadFile
TerminateProcess
LoadLibraryA
GetEnvironmentVariableA
RaiseException
GetVersionExA
LockResource
CreateDirectoryA
CreateFileW
OutputDebugStringA
GetProcessHeap
EnumResourceLanguagesW
GetModuleHandleW
GetThreadLocale
DebugBreak
GetSystemTimeAsFileTime
GetFileAttributesW
InterlockedDecrement
lstrcpyA

shell32

CommandLineToArgvW

imagehlp

ImageGetDigestStream
ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

psapi

GetProcessMemoryInfo

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35235b65bd73e77de6dd08d36d8d52f9

Headers

File Characteristics

Imports

msvfw32

user32

advapi32

kernel32

shell32

imagehlp

psapi

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 23KB

.lib Size: 512B - Virtual size: 228KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 23KB

.lib
Size: 512B - Virtual size: 228KB