138ede503cf975b7fa2971a409fe8698_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

138ede503cf975b7fa2971a409fe8698_JaffaCakes118
Size

249KB
MD5

138ede503cf975b7fa2971a409fe8698
SHA1

e0c9fd4f5d4a3afd32fe341fa432add790807db7
SHA256

d9ae5cd9296b0c868af0906ca252dea8c4f7b608f7ba4bc70590b37d47e81988
SHA512

703e61b71dff46639144d6e0bd136fab6840106e8a7c4c556ba88dbf68c11bda20fa8d31c3f631b3fbf6fadb4aef731a778b9dc3cb55b059e0673a5736d953c6
SSDEEP

6144:NiEk6Iv2uAsGLoXxBNKbxqt5ArmODlJ8ZOblxmF/CGKV4IuZ:bk6IvzAbLoBn+aOT8ZOz8/0V4IuZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
138ede503cf975b7fa2971a409fe8698_JaffaCakes118

Files

138ede503cf975b7fa2971a409fe8698_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fae7478f14bc85c30105ecf66a92c7b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
LCMapStringA
EnterCriticalSection
FreeEnvironmentStringsA
InitializeCriticalSection
GetCurrentThread
HeapAlloc
LoadLibraryA
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsW
CompareStringW
GetCommandLineA
GetProcessHeap
InterlockedExchange
TlsFree
GetLocaleInfoW
IsDebuggerPresent
IsValidCodePage
FreeLibrary
GetTimeZoneInformation
GetStringTypeW
IsValidLocale
GetTimeFormatA
CompareStringA
MultiByteToWideChar
HeapDestroy
InterlockedIncrement
GetProcAddress
GetEnvironmentStrings
InterlockedDecrement
HeapFree
EnumSystemLocalesA
GetStringTypeA
GetCPInfo
SetConsoleCtrlHandler
VirtualQuery
TlsSetValue
SetEnvironmentVariableA
WideCharToMultiByte
GetOEMCP
SetHandleCount
GetEnvironmentStringsW
HeapSize
HeapReAlloc
TlsGetValue
ExitProcess
GetDateFormatA
GetACP
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
Sleep
GetModuleHandleA
GetVersionExA
SetLastError
SetUnhandledExceptionFilter
GetCurrentThreadId
WriteFile
LCMapStringW
GetStdHandle
HeapCreate
GetCurrentProcessId
GetModuleFileNameA
TlsAlloc
GetStartupInfoA
DeleteCriticalSection
GetTickCount
LeaveCriticalSection
GetLastError
GetUserDefaultLCID
GetSystemTimeAsFileTime
VirtualFree
RtlUnwind

comdlg32

ChooseFontW
FindTextW
GetOpenFileNameW
PageSetupDlgW
ReplaceTextW

wininet

ShowX509EncodedCertificate
FtpGetCurrentDirectoryW
DeleteUrlCacheContainerW
InternetConfirmZoneCrossing

shell32

DragQueryFileAorW
ShellExecuteExA
ExtractIconExW
SHEmptyRecycleBinW
SHAppBarMessage
SHAddToRecentDocs
SHLoadInProc
SHGetSpecialFolderPathA
RealShellExecuteExA
SHUpdateRecycleBinIcon
ExtractIconExA
DragQueryFileA
SHGetPathFromIDListW
SheGetDirA
SHGetSettings
InternalExtractIconListA
CheckEscapesW
ExtractAssociatedIconExA
SHGetDiskFreeSpaceA
ShellExecuteExW
SHGetInstanceExplorer
SHGetNewLinkInfo
SheChangeDirExW
SHFileOperationA

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fae7478f14bc85c30105ecf66a92c7b2

Headers

File Characteristics

Imports

kernel32

comdlg32

wininet

shell32

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 113KB - Virtual size: 135KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 113KB - Virtual size: 135KB

.rsrc
Size: 11KB - Virtual size: 11KB