1716fac04d49dc2dcec2f4dda00a47cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1716fac04d49dc2dcec2f4dda00a47cf_JaffaCakes118
Size

264KB
MD5

1716fac04d49dc2dcec2f4dda00a47cf
SHA1

c32473d2cfb1f2211d54b97d465fc852d0cd81ad
SHA256

e9a7d2ccf691f668c4877050ace5956c2b9c223d34d0cfeae618efb0458ffcac
SHA512

86a2676dc3a1327bfeed24da77093b2ac60f5c5737b0c48e872c76d13b270abb217a5c3f4db0465ae3967d5289f1c15ae9b72038446af76309ecc2eaae6071eb
SSDEEP

6144:wxnSu4NsMVV4Fgda5vLWGHVS8E5H8cVMPnjDGQYN4nkpr5M1bTXCW:wu/WFgda56G1Sj5Hf+PuQYsA5M1HX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1716fac04d49dc2dcec2f4dda00a47cf_JaffaCakes118

Files

1716fac04d49dc2dcec2f4dda00a47cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d3e61cc1c5cb39e34b34ade7b58da4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
SetLastError
WaitForSingleObject
ReadConsoleInputA
IsBadWritePtr
DeleteCriticalSection
HeapAlloc
LoadLibraryA
GetACP
GetStringTypeW
GetProfileStringA
SetLocaleInfoA
FillConsoleOutputCharacterA
GetEnvironmentStringsW
InterlockedExchange
GetTickCount
GetCurrentThread
LeaveCriticalSection
MultiByteToWideChar
SetCriticalSectionSpinCount
GetStringTypeA
GetStartupInfoA
SetHandleCount
GetStdHandle
ExpandEnvironmentStringsA
TlsGetValue
HeapDestroy
LCMapStringW
GetProcAddress
FreeEnvironmentStringsA
LCMapStringA
HeapFree
GetFileAttributesExA
GetOEMCP
CreateToolhelp32Snapshot
TlsSetValue
VirtualQuery
GetCPInfo
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetEnvironmentStrings
VirtualFree
FreeEnvironmentStringsW
InitializeCriticalSection
HeapReAlloc
TlsFree
ExitProcess
EnterCriticalSection
FindFirstFileA
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
GetFileType
GetModuleHandleA
GetVersion
WideCharToMultiByte
WriteFile
GetCurrentThreadId
RtlUnwind
TlsAlloc
GetLastError
HeapCreate
GetCurrentProcessId
GetModuleFileNameA
WriteProfileSectionA

shell32

ShellExecuteW
SHInvokePrinterCommandA
ShellAboutW
SHBrowseForFolderW
DoEnvironmentSubstA
ExtractIconW
ShellExecuteA
SHGetPathFromIDListW
SHGetNewLinkInfo
ExtractAssociatedIconW
SheSetCurDrive
RealShellExecuteExW
SHFileOperation
SheChangeDirExW
ShellExecuteExA
SHGetSpecialFolderPathA
SHFileOperationA

advapi32

CryptEnumProviderTypesA
CryptSetProviderW
RevertToSelf
RegSaveKeyW
LookupSecurityDescriptorPartsW
CryptEncrypt
LookupSecurityDescriptorPartsA
CryptSignHashA
RegOpenKeyExW
CryptCreateHash
RegQueryValueW
CryptSignHashW
CryptEnumProviderTypesW
RegOpenKeyW
RegSaveKeyA
RegDeleteValueW
CryptSetProviderExA
RegDeleteKeyW
RegQueryValueA
RegReplaceKeyA
LookupAccountSidA
CryptSetKeyParam

comdlg32

ReplaceTextW
FindTextW
ReplaceTextA
GetSaveFileNameA
LoadAlterBitmap
PageSetupDlgW
GetOpenFileNameA
FindTextA
GetOpenFileNameW
ChooseColorW
ChooseColorA
ChooseFontW
PrintDlgW
GetFileTitleW
GetFileTitleA
ChooseFontA
GetSaveFileNameW

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d3e61cc1c5cb39e34b34ade7b58da4f

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

comdlg32

Sections

.text Size: 124KB - Virtual size: 123KB

.data Size: 131KB - Virtual size: 151KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 124KB - Virtual size: 123KB

.data
Size: 131KB - Virtual size: 151KB

.rsrc
Size: 8KB - Virtual size: 7KB