0d756f040936758d11b166bdebb1f478_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d756f040936758d11b166bdebb1f478_JaffaCakes118
Size

244KB
MD5

0d756f040936758d11b166bdebb1f478
SHA1

77c31348b5231cee669b79a632ecab11f754ebe7
SHA256

5a2f43f7dba734b8587ebb009919a1bf49d0225b26c73a6bc8faf8a71a9ffdac
SHA512

cd3171ce432ffd20786d364faea205e03763dbaff4e2b66fb9e49fc5677fd304e8000109a82f33b4b43bb28fe666226ddc9d927b4e0b24013cde8d82a0c97983
SSDEEP

6144:TiKtKxszNdT3sv26uxvUYP0K0492BPlieqMcN8GdM:TiKtKxsBdT3T67YP0K0H3qtZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d756f040936758d11b166bdebb1f478_JaffaCakes118

Files

0d756f040936758d11b166bdebb1f478_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1653e6f04ff49826afd5a53141412bc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFreeEx
GetLastError
CreateRemoteThread
RtlMoveMemory
GetCommandLineA
GetProcAddress
HeapAlloc
TlsAlloc
LeaveCriticalSection
HeapSize
SetEnvironmentVariableA
WriteFile
WaitCommEvent
LCMapStringA
WideCharToMultiByte
LCMapStringW
UnhandledExceptionFilter
GetEnvironmentStrings
GetEnvironmentStringsW
WritePrivateProfileStringA
IsDebuggerPresent
DeleteCriticalSection
GetFileType
EnterCriticalSection
GetEnvironmentStringsA
GetProcessHeap
SetConsoleCtrlHandler
GetDateFormatA
GetProcAddress
WaitForMultipleObjectsEx
GetCurrentThread
SetUnhandledExceptionFilter
WriteConsoleA
CompareStringW
WriteConsoleOutputCharacterA
GetStartupInfoA
VirtualQuery
HeapDestroy
SetLastError
InterlockedDecrement
GetStringTypeExW
GetStringTypeA
MultiByteToWideChar
GetCPInfo
HeapReAlloc
HeapCreate
ExitProcess
UnmapViewOfFile
lstrcat
VirtualAlloc
Sleep
QueryPerformanceCounter
GetCurrentProcess
GetTimeZoneInformation
GetModuleHandleA
FreeEnvironmentStringsW
GetStringTypeW
GetTimeFormatA
GetCurrentThreadId
InterlockedIncrement
TlsGetValue
CompareStringA
FreeLibrary
GetCurrentProcessId
VirtualFree
GetUserDefaultLCID
GetCurrencyFormatW
LoadLibraryExW
GetTickCount
GetLocaleInfoW
SetConsoleCP
FreeEnvironmentStringsA
IsValidCodePage
InitializeCriticalSection
RtlUnwind
EnumSystemLocalesA
GetSystemTimeAsFileTime
InterlockedExchange
GetVersionExA
GetAtomNameA
CreateDirectoryA
GetACP
TlsSetValue
GetLocaleInfoA
GetStdHandle
HeapFree
TerminateProcess
LoadLibraryA
GetOEMCP
SetHandleCount
TlsFree
GetNumberFormatA
GetModuleFileNameA
IsValidLocale
GetSystemDirectoryA

user32

GetKeyState
GetScrollRange
CharNextA
SetWinEventHook
GetInputState
GetSubMenu
LoadBitmapA
GetSysColor
EnumThreadWindows
GetWindowInfo
CloseClipboard
GetScrollBarInfo
LoadCursorA
CallMsgFilter

shell32

SheSetCurDrive
SHGetSpecialFolderLocation
DoEnvironmentSubstA
FreeIconList
SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetFileInfoA
ShellExecuteExA
RealShellExecuteW
ExtractAssociatedIconExW
SHInvokePrinterCommandA
ExtractAssociatedIconW
SHBrowseForFolder
InternalExtractIconListW
SheGetDirA
DuplicateIcon
SheChangeDirA
RealShellExecuteA
RealShellExecuteExA
ShellExecuteEx
DoEnvironmentSubstW
CheckEscapesW

advapi32

RegSetValueW
CryptGenRandom
RegCreateKeyW
RegDeleteKeyW
CreateServiceA
CryptGetProvParam
RegEnumValueW
CryptSetProviderA

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1653e6f04ff49826afd5a53141412bc4

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 112KB - Virtual size: 111KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 112KB - Virtual size: 111KB

.rsrc
Size: 6KB - Virtual size: 6KB