2615c7bbbbf696060888533056b25d69_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2615c7bbbbf696060888533056b25d69_JaffaCakes118
Size

184KB
MD5

2615c7bbbbf696060888533056b25d69
SHA1

b6b4868eda140040ff772017b77aef67b91d02c2
SHA256

a037c47519cd852c1d0e26f21ed378b3040d7a8aa08872f7b4f9177924eae6bc
SHA512

41ffe8132361e3564877b0294d31e99febece7ff64a0ee0dd6440e88a2e9252772cdc46581597c10fc1bbbeb1d15f350829bc1d1659b72f45f33f8114c319f5c
SSDEEP

3072:kw/AQB5Q6y3tUJgLWkHYv1jh2FkDwM7QXSj4BSlTy2TNaOzmASLl+dgRdm1uZ:F/1zatUJ8V4vTw2QXQDkmQ0u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2615c7bbbbf696060888533056b25d69_JaffaCakes118

Files

2615c7bbbbf696060888533056b25d69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3dd47681d5bc9641ea4d9694dd244c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

IsEqualGUID

kernel32

MulDiv
lstrcmpA
CloseHandle
GlobalHandle
LockResource
HeapFree
LocalFree
MultiByteToWideChar
GetLocaleInfoA
GetSystemDirectoryA
GetPrivateProfileStringA
HeapAlloc
GetDiskFreeSpaceA
LoadResource
TlsSetValue
InterlockedIncrement
SetThreadLocale
GetLocalTime
GetVersionExA
GetProcessHeap
VirtualAlloc
LeaveCriticalSection
TlsFree
GetSystemInfo
InterlockedDecrement
ExitProcess
GetCommandLineA
DeleteFileA
SizeofResource
GlobalReAlloc
lstrlenA
SetErrorMode
LocalAlloc
GetModuleHandleA
LoadLibraryExA
GlobalLock
RaiseException
FreeLibrary
TlsGetValue
WriteFile
SetEvent
TlsAlloc
GlobalAddAtomA
FindResourceA
GetThreadLocale
GetCPInfo
GetOEMCP
CreateFileA
GlobalAlloc
VirtualFree
EnterCriticalSection
GlobalUnlock
CompareStringA
GetACP
GetStringTypeW
CreateThread
CreateEventA
FindClose
WinExec
FindFirstFileA
UnhandledExceptionFilter
GetFileType
SetLastError
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetCurrentThreadId
GetEnvironmentStringsA
GlobalFree
WaitForSingleObject
lstrcpynA
SetEndOfFile
RtlUnwind
FormatMessageA
VirtualQuery
GetStartupInfoA
GlobalDeleteAtom
GetModuleFileNameA
WideCharToMultiByte
SetHandleCount
SetConsoleCtrlHandler
GetVersion
GetStdHandle
GetProcAddress
SetFilePointer
lstrcpyA
GetLastError
GetWindowsDirectoryA
GetFileSize
EnumCalendarInfoA
ReadFile
LoadLibraryA

advapi32

OpenProcessToken
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyA
RegCloseKey
LookupPrivilegeValueA

oleaut32

SysAllocStringLen
VariantClear
VariantChangeTypeEx
SysFreeString
VariantCopyInd
SysReAllocStringLen
SysStringLen

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3dd47681d5bc9641ea4d9694dd244c9

Headers

File Characteristics

Imports

ole32

kernel32

advapi32

oleaut32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 3KB