Static task: static1
Behavioral task: behavioral1
Sample: 139a9cea8202609454436074c2027aa9_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 139a9cea8202609454436074c2027aa9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 139a9cea8202609454436074c2027aa9_JaffaCakes118
Size: 411KB
MD5: 139a9cea8202609454436074c2027aa9
SHA1: 4ba46be870341cec728076c874f60f949468d64a
SHA256: 61aa196f564e0244ebb8c671b3b7af87ef0e7b5573b8d3bd85d303694abaf017
SHA512: 4dab6257f63ba8215470c80bc610a3757da7d78b3b07f2abab2e2bac03ca7003f169529c00d7596b05e992a6831a1ef647ac245331f7fafec4f9841dc50a5aa7
SSDEEP: 12288:oKeyTQouVY8E7/rGdLPzSM0KHZyxxKAsTnhdnm7:N+VYzqLPGM1pfrm7
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 139a9cea8202609454436074c2027aa9_JaffaCakes118
Files
139a9cea8202609454436074c2027aa9_JaffaCakes118.exe windows:4 windows x86 arch:x86
af65e66598d74ad7d754da8ee4f05759
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
VirtualFree
FoldStringW
GetProfileIntW
SetLastError
FreeEnvironmentStringsA
HeapAlloc
LoadLibraryA
GetCurrentThread
InitializeCriticalSection
OpenMutexW
MapViewOfFileEx
EnterCriticalSection
GetModuleFileNameW
InterlockedExchange
GetTickCount
GetFileType
TlsGetValue
TlsSetValue
WriteConsoleInputA
HeapDestroy
GetVersion
UnhandledExceptionFilter
HeapCreate
TransactNamedPipe
WriteFile
MultiByteToWideChar
TlsFree
GetProcAddress
GetCommandLineA
TlsAlloc
HeapFree
WriteProfileSectionA
GetStdHandle
CreateToolhelp32Snapshot
GetStartupInfoW
VirtualQuery
GetEnvironmentStrings
LeaveCriticalSection
GetSystemTimeAsFileTime
GetLastError
GetCurrentProcessId
GetCommandLineW
SetHandleCount
HeapReAlloc
RtlUnwind
ExitProcess
FreeEnvironmentStringsW
DeleteCriticalSection
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
IsBadWritePtr
GetModuleFileNameA
ReadFileEx
GetCurrentThreadId
wininet
ShowClientAuthCerts
comdlg32
ChooseFontW
ReplaceTextA
GetOpenFileNameA
shell32
SHGetInstanceExplorer
SHFileOperationA
SHBrowseForFolderA
DragQueryFile
FindExecutableA
ShellExecuteExW
DuplicateIcon
ShellExecuteW
RealShellExecuteExW
SHGetPathFromIDList
SheChangeDirExW
DragAcceptFiles
SHGetSpecialFolderPathA
DragQueryPoint
SheChangeDirA
SHInvokePrinterCommandA
SHGetMalloc
ExtractAssociatedIconW
SHGetDesktopFolder
Sections
.text Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 269KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ