2518fdab1ac9661f8676948c7be23e00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2518fdab1ac9661f8676948c7be23e00_JaffaCakes118
Size

531KB
MD5

2518fdab1ac9661f8676948c7be23e00
SHA1

d0c2fd70c7550f4a0a58df7ce13cd1444c6ae533
SHA256

f36195eb13e3ab14c4c3ff12804f2570637258411006c26b4524309e649d13f2
SHA512

0cd6aad7f1e292e813019d26ab388d02962b4ce5e354390dec6512b0c71cd8e6c53b4f7f02127f75cf5255353845d98d01616a3575e012fe31a0bb34958bfee1
SSDEEP

12288:Fmv77vVZ1CHCR/kkISKh/tRyL/GBBhRB42eoWgIOE4EwSDRlrxyLQ:Fmvv5CHgISavKGB5+Pg04ErDR5QQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2518fdab1ac9661f8676948c7be23e00_JaffaCakes118

Files

2518fdab1ac9661f8676948c7be23e00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e358ddf07f96777be50a89c1395c78f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ageukvezxt\euq\e

Imports

gdi32

GetMetaFileBitsEx
DeleteObject
Chord
CreateDIBSection
SetMagicColors
GdiPlayJournal
SelectClipPath

comctl32

InitCommonControlsEx

kernel32

InterlockedExchange
GetCPInfo
SetStdHandle
SetEnvironmentVariableA
ReadConsoleOutputCharacterA
GetLastError
GetConsoleMode
InterlockedIncrement
ContinueDebugEvent
TlsSetValue
GetCurrentProcessId
InitializeCriticalSection
HeapCreate
TlsFree
TlsAlloc
WideCharToMultiByte
GetDateFormatA
GetStdHandle
GetCommandLineA
GetCurrentThreadId
EnterCriticalSection
GetProcAddress
HeapAlloc
CloseHandle
ResumeThread
LeaveCriticalSection
GetConsoleCP
UnhandledExceptionFilter
GlobalAddAtomA
DeleteCriticalSection
GetEnvironmentStringsW
SetFilePointer
MultiByteToWideChar
Sleep
FreeEnvironmentStringsW
GetTimeZoneInformation
VirtualFree
GetStringTypeW
CreateMutexA
GetCurrentThread
TerminateProcess
GetStartupInfoA
LCMapStringW
WriteFile
GetCommandLineW
CompareStringA
FlushFileBuffers
SetConsoleCtrlHandler
HeapReAlloc
QueryPerformanceCounter
GetOEMCP
EnumDateFormatsExW
WriteConsoleW
GetTickCount
HeapSize
GetModuleFileNameA
SetHandleCount
GetTimeFormatA
GetUserDefaultLCID
IsDebuggerPresent
IsValidCodePage
IsValidLocale
FreeLibrary
GetSystemTimeAsFileTime
GetStringTypeA
RtlUnwind
LoadLibraryA
SetLastError
TlsGetValue
GetFileType
GetCurrentProcess
GetLocaleInfoA
HeapDestroy
EnumSystemLocalesA
GetPrivateProfileStringA
CreateFileA
GetVersionExA
GetLocaleInfoW
VirtualAlloc
GetConsoleOutputCP
VirtualQuery
SetUnhandledExceptionFilter
CompareStringW
LCMapStringA
OpenMutexA
VirtualFreeEx
GetProfileStringW
WriteConsoleA
SetVolumeLabelW
FreeEnvironmentStringsA
ExitProcess
GetProcessHeap
GetModuleHandleA
GetACP
InterlockedDecrement
GetStartupInfoW
ReadFile
GetEnvironmentStrings
GetModuleFileNameW
HeapFree

user32

SetMessageExtraInfo
SetMenuInfo
RegisterClassA
GetPropA
AppendMenuW
RegisterClassExA
RedrawWindow
EnumWindowStationsW
CreateDialogParamA

shell32

DoEnvironmentSubstA
DoEnvironmentSubstW

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e358ddf07f96777be50a89c1395c78f5

Headers

File Characteristics

PDB Paths

Imports

gdi32

comctl32

kernel32

user32

shell32

Sections

.text Size: 368KB - Virtual size: 367KB

.rdata Size: 30KB - Virtual size: 43KB

.data Size: 106KB - Virtual size: 106KB

.rsrc Size: 25KB - Virtual size: 25KB

.text
Size: 368KB - Virtual size: 367KB

.rdata
Size: 30KB - Virtual size: 43KB

.data
Size: 106KB - Virtual size: 106KB

.rsrc
Size: 25KB - Virtual size: 25KB