0c193bd3cc71cd1d2fddeb9aee2e1f87_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c193bd3cc71cd1d2fddeb9aee2e1f87_JaffaCakes118
Size

195KB
MD5

0c193bd3cc71cd1d2fddeb9aee2e1f87
SHA1

eb7d9551e8be415a7fce6619d5c2492347c26dc1
SHA256

75403a00860f4b1adad55100e96d495e8f25284044ea53ecafcdd2e6637ce9ff
SHA512

dae404e6439d97f8e6dcfc0ff49cc79012ae723d6192f5555327ec7b78ac1421ba6eedb52c80fbf6d75770663e7f0c7070777c74e677b0042741e5ae4ac5f1b1
SSDEEP

3072:AEzUBSKNgUTY+ecZgx6vjh+eZ/+eaAGjzi1FBZBRHFXTFqkoy3oJtSdKmuewXg1o:nCVTd+j0Nx9toMES2Fg5FoB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c193bd3cc71cd1d2fddeb9aee2e1f87_JaffaCakes118

Files

0c193bd3cc71cd1d2fddeb9aee2e1f87_JaffaCakes118
.exe windows:4 windows x86 arch:x86

74ae2effc6b4112cbfaa33b187e9b1cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

psapi

GetProcessMemoryInfo

msvfw32

ICInfo

kernel32

GetSystemDirectoryA
IsDebuggerPresent
CreateFileW
OutputDebugStringA
FindClose
EnumResourceNamesW
EnumResourceTypesW
CreateFiberEx
DeleteFileW
_lread
CopyFileW
ReadFile
FindResourceExW
_lclose
RemoveDirectoryW
UnhandledExceptionFilter
GetFileAttributesA
HeapReAlloc
GetFullPathNameA
lstrlenA
LoadResource
FreeLibrary
FindResourceW
GetVersion
DeleteCriticalSection
EscapeCommFunction
FindNextFileW
GlobalLock
_llseek
InterlockedIncrement
HeapFree
GetModuleHandleW
SetFileAttributesW
FreeResource
FindFirstFileW
QueryPerformanceCounter
FormatMessageW
HeapAlloc
RaiseException
UnmapViewOfFile
DebugBreak
LeaveCriticalSection
CloseHandle
ExitProcess
CreateFileMappingA
TerminateProcess
GetProcessHeap
EnumResourceNamesA
CreateDirectoryW
GlobalFree
GlobalUnlock
WriteFile
LoadLibraryExA
MultiByteToWideChar
GlobalAlloc
InterlockedDecrement
LoadLibraryExW
SizeofResource
SetFileAttributesA
UpdateResourceW
CopyFileA
GetCurrentDirectoryW
SetFilePointer
InterlockedExchange
lstrcmpiA
GetStringTypeExW
GetLocaleInfoA
FindNextFileA
SetEndOfFile
DeleteFileA
GetCurrentProcessId
GetCommandLineW
GetTickCount
BeginUpdateResourceW
LoadLibraryA
FatalExit
GetCurrentThreadId
SetLastError
GetProcAddress
EnumResourceLanguagesW
CreateDirectoryA
SetUnhandledExceptionFilter
CreateFileA
GetFileSize
GetFullPathNameW
MoveFileW
MapViewOfFile
GetCurrentProcess
lstrlenW
AreFileApisANSI
WideCharToMultiByte
HeapSize
GetEnvironmentVariableA
Sleep
GetLastError
GetTempPathW
LockResource
GetACP
EnterCriticalSection
InterlockedCompareExchange
LocalFree
_lwrite
GetVersionExA
RemoveDirectoryA
GetSystemTimeAsFileTime
EndUpdateResourceW
GetOEMCP
GetTempFileNameW
HeapDestroy
InitializeCriticalSection
GetVersionExW
GetFileAttributesW
FindFirstFileA
GetFileInformationByHandle
GetThreadLocale
lstrcpyA

advapi32

CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextA
CryptHashData
CryptDestroyHash

shell32

CommandLineToArgvW

imagehlp

ImageRvaToVa
ImageNtHeader
ImageGetDigestStream
ImageDirectoryEntryToData

user32

CharNextA
wsprintfW
MonitorFromWindow
CharNextW

Sections

.text
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74ae2effc6b4112cbfaa33b187e9b1cd

Headers

File Characteristics

Imports

psapi

msvfw32

kernel32

advapi32

shell32

imagehlp

user32

Sections

.text Size: 173KB - Virtual size: 173KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 15KB

.lib Size: 512B - Virtual size: 220KB

.text
Size: 173KB - Virtual size: 173KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 15KB

.lib
Size: 512B - Virtual size: 220KB