Static task: static1
Behavioral task: behavioral1
Sample: 101fcd31340abd864b08869a67a8ef50_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 101fcd31340abd864b08869a67a8ef50_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 101fcd31340abd864b08869a67a8ef50_JaffaCakes118
Size: 643KB
MD5: 101fcd31340abd864b08869a67a8ef50
SHA1: b9787965b705c109223a673b1de6106c5a87e0ee
SHA256: e6f26c1a5c1b415507a965f86d6c31c6418248de11812e228b5d6bfd839c7232
SHA512: 47980da60d69a935c76f94a1ba3deb03bca9e3d622c673ce1e64d341305d4546418627badbd2d8827c009a679f16c125709bb436a26e24eb9b908cb427b18a31
SSDEEP: 6144:HqDRlRtK03Kr79fGIk0IvoaK1f7W8DM+UAMBhPzptzU2aCP5y/8:HYRlRkOa7pG0rPbDwhrnzBaCBV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 101fcd31340abd864b08869a67a8ef50_JaffaCakes118
Files
101fcd31340abd864b08869a67a8ef50_JaffaCakes118.exe windows:4 windows x86 arch:x86
245459f8c8d0d896355a0795220fa664
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileW
GetPrivateProfileSectionW
CreateDirectoryA
LoadLibraryExA
SetVolumeLabelA
GetProfileIntA
ReadConsoleOutputA
GetVersion
ReadDirectoryChangesW
GetComputerNameW
CompareStringW
GetModuleFileNameW
OpenMutexA
LoadResource
_lopen
SetThreadPriorityBoost
SetEndOfFile
ExitProcess
GlobalReAlloc
ReleaseMutex
IsDBCSLeadByteEx
LocalLock
CreateEventA
SetSystemTime
MoveFileW
GetProcessHeap
GetACP
GetSystemTimeAdjustment
GetOEMCP
SetThreadLocale
gdi32
EndDoc
GetRgnBox
PathToRegion
SetBitmapDimensionEx
SetPixelFormat
GetClipRgn
comdlg32
ReplaceTextA
GetOpenFileNameW
ole32
OleSetMenuDescriptor
CoRegisterMallocSpy
OleSaveToStream
CoLockObjectExternal
ws2_32
WSAConnect
gethostbyaddr
ntohl
getservbyname
WSAGetServiceClassInfoW
select
WSALookupServiceNextW
WSAAccept
WSASetBlockingHook
WSASetLastError
shell32
SHGetPathFromIDListA
SHAddToRecentDocs
SHGetSpecialFolderLocation
ShellExecuteA
user32
SystemParametersInfoW
SendDlgItemMessageA
IsDialogMessageW
MapVirtualKeyExW
GetClassNameA
IsCharLowerW
SetParent
CloseClipboard
ChangeMenuA
GetMessageExtraInfo
LoadKeyboardLayoutA
EmptyClipboard
advapi32
CryptExportKey
OpenEventLogW
OpenSCManagerW
NotifyBootConfigStatus
QueryServiceConfigA
AllocateAndInitializeSid
InitiateSystemShutdownA
GetSidLengthRequired
AccessCheckAndAuditAlarmW
SetTokenInformation
LookupPrivilegeDisplayNameA
ControlService
MakeSelfRelativeSD
RegEnumValueA
CryptReleaseContext
msvcrt
wcslen
fputc
_ismbblead
remove
_spawnlp
_open
iswprint
_stricmp
strncmp
strtod
_strnicmp
wcscpy
abort
swscanf
setbuf
_write
wcstombs
isupper
iswxdigit
_wstrtime
_mbsicmp
_wopen
__doserrno
_ltow
ceil
__p___argc
putchar
Sections
.text Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ