141362508a3e509f1534664b3ad32fa2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

141362508a3e509f1534664b3ad32fa2_JaffaCakes118
Size

439KB
MD5

141362508a3e509f1534664b3ad32fa2
SHA1

a0b1c49cad959ba7a653a062f454a1950e1f4974
SHA256

f6d3151222ccab88aada3fb0664989e4a4b8c88a2659a1892d18be8c32a8250a
SHA512

411623f9bd7f6050e21170002c838ee0b6891f1f59bffbd46e2b7796d4769978abfebf4b1228922bab4dcc8d81f1328c052bf883571c7b3eb2c05c9425c1ab48
SSDEEP

12288:qRLD9nRcNq+Y4U3vJHFKegXrwCb1Tl86gh4H:ER6Y7vRFqXvRTl86D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
141362508a3e509f1534664b3ad32fa2_JaffaCakes118

Files

141362508a3e509f1534664b3ad32fa2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

534248009842129a2472e66956762586

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeSecurityDescriptor
ReportEventA
CreateServiceA
DuplicateTokenEx
RegQueryMultipleValuesA
LookupPrivilegeNameA
RegQueryValueW
AbortSystemShutdownA
CryptCreateHash

user32

GetDlgItemTextW
CopyAcceleratorTableA
EnumPropsA
GetScrollInfo
GetMenuItemInfoW
EnableWindow
SetClassLongW
CharNextExA
RegisterClassExW
DdeInitializeW
EnumWindowStationsW
IsWindow
EnumPropsExW
IsWindowVisible

gdi32

CopyEnhMetaFileW
ExtEscape
GetGraphicsMode
GetKerningPairs
CreatePolygonRgn
ExcludeClipRect
GetMetaRgn
CreateCompatibleDC
GetPolyFillMode
StartDocW
FixBrushOrgEx
CreateCompatibleBitmap
GetCharacterPlacementA
GetColorAdjustment
PathToRegion
GdiPlayScript
ColorMatchToTarget
CreateEnhMetaFileW
GetMiterLimit

comdlg32

GetSaveFileNameA
PrintDlgA
ChooseColorW
GetFileTitleW
ChooseColorA
ReplaceTextA
PageSetupDlgW

kernel32

TerminateProcess
GetDateFormatA
HeapCreate
GetTickCount
ExitProcess
VirtualAlloc
TlsFree
GetACP
GetEnvironmentStringsW
SetLastError
TlsSetValue
GetCommandLineW
GetEnvironmentStrings
InterlockedExchange
EnumSystemLocalesA
WritePrivateProfileStringW
LCMapStringA
LCMapStringW
GetCurrentProcess
GetSystemInfo
IsBadWritePtr
GetLocaleInfoW
DeleteCriticalSection
GetSystemTime
HeapReAlloc
CompareStringW
GetVersionExA
GetStdHandle
GetStringTypeW
VirtualQuery
DebugBreak
GetModuleFileNameA
GetCurrentThread
GetCommandLineA
InitializeCriticalSection
VirtualProtect
WideCharToMultiByte
GetCurrentThreadId
CompareStringA
GetOEMCP
GetTempFileNameW
TlsAlloc
GetTimeFormatA
GetCPInfo
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
LoadLibraryA
LoadLibraryExA
GetStartupInfoW
EnterCriticalSection
GetEnvironmentVariableW
GetLocaleInfoA
HeapFree
UnhandledExceptionFilter
QueryPerformanceCounter
GetUserDefaultLCID
GetFileType
GetModuleHandleA
HeapSize
SetHandleCount
VirtualFree
GetTimeZoneInformation
IsValidLocale
HeapDestroy
GetLastError
GetProcAddress
LeaveCriticalSection
GetStringTypeA
IsValidCodePage
MultiByteToWideChar
GetCurrentProcessId
HeapAlloc
GetPriorityClass
WriteConsoleInputA
SetEnvironmentVariableA
GetModuleFileNameW
AllocConsole
TlsGetValue
RtlUnwind
WriteFile
GetStartupInfoA
FreeEnvironmentStringsA

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

534248009842129a2472e66956762586

Headers

File Characteristics

Imports

advapi32

user32

gdi32

comdlg32

kernel32

Sections

.text Size: 120KB - Virtual size: 119KB

.data Size: 309KB - Virtual size: 325KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 119KB

.data
Size: 309KB - Virtual size: 325KB

.rsrc
Size: 9KB - Virtual size: 8KB