278b839100962c034a64b939f90c2d59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

278b839100962c034a64b939f90c2d59_JaffaCakes118
Size

571KB
MD5

278b839100962c034a64b939f90c2d59
SHA1

0dbfda60001362e70539c9974d9c12c89a8eccb1
SHA256

ce0b628211de10e73eb030ce16dcba2fe107a5d0e73b891b1bc01b38055be51b
SHA512

2ac526eac9b5eb22e1cde50f0a725a071ad893a911c80efc92105726766b9054fe28f0df8421d98b14fe5bb593ec2449c37291ec734338067c4aac03f1a53109
SSDEEP

12288:HSEEu3UKkPM1uP4lZG/MUuNiqnp+1I4tHszQPnR2UlrhXJTv:/9GP4/GMUuNiepEKQfflrhZTv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
278b839100962c034a64b939f90c2d59_JaffaCakes118

Files

278b839100962c034a64b939f90c2d59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0dcd32f3a473f910ecc994132d00459

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsW
GetLastError
SetEnvironmentVariableA
HeapSize
SetStdHandle
IsValidLocale
FlushFileBuffers
GetCurrentProcess
LeaveCriticalSection
TerminateProcess
SetLastError
GetCommandLineA
HeapCreate
HeapAlloc
HeapDestroy
VirtualAlloc
FreeEnvironmentStringsA
TlsSetValue
GetEnvironmentStrings
LCMapStringW
UnhandledExceptionFilter
RtlUnwind
WideCharToMultiByte
GetTimeZoneInformation
GetStartupInfoA
GetCurrentThreadId
GetCommandLineW
lstrcat
SetFilePointer
TlsFree
EnterCriticalSection
CompareStringA
IsValidCodePage
WaitForSingleObject
CompareStringW
ReadFile
GetCurrentThread
GetACP
ExitProcess
CommConfigDialogW
GetStringTypeA
IsBadWritePtr
GetLocaleInfoW
OpenMutexA
LCMapStringA
InitializeCriticalSection
HeapReAlloc
GetStringTypeW
GetModuleFileNameW
WriteFile
GetDateFormatA
CreateMutexA
GetFileType
GetCPInfo
GetTimeFormatA
VirtualProtect
GetSystemTimeAsFileTime
SetHandleCount
GetVersionExA
QueryPerformanceCounter
SetConsoleScreenBufferSize
GetSystemInfo
HeapFree
VirtualQuery
TlsAlloc
VirtualFree
EnumSystemLocalesA
LoadLibraryA
GetStartupInfoW
GetModuleFileNameA
GetNumberFormatA
GetComputerNameW
GetLocaleInfoA
GetModuleHandleA
GetEnvironmentStringsW
GetUserDefaultLCID
GetOEMCP
GetStdHandle
InterlockedExchange
GetTickCount
CloseHandle
TlsGetValue
GetProcAddress
MultiByteToWideChar
SetThreadAffinityMask
DeleteCriticalSection
GetCurrentProcessId
WriteConsoleW

advapi32

LookupSecurityDescriptorPartsW
CryptDeriveKey
CryptGenKey
CryptSetProviderExW
RegLoadKeyA
CryptDestroyKey
RegEnumKeyExW
RegSetValueW
AbortSystemShutdownW
RegQueryValueExW
DuplicateTokenEx
CryptGetDefaultProviderA
ReportEventA
RegDeleteKeyA
CryptGetUserKey
LookupPrivilegeDisplayNameA
CryptDuplicateHash
InitializeSecurityDescriptor
InitiateSystemShutdownW

user32

PostThreadMessageW
SetPropA
RegisterClassExA
TranslateMDISysAccel
ReleaseDC
ToUnicode
SetWinEventHook
RegisterClassA
DispatchMessageA

comdlg32

GetOpenFileNameW

wininet

UpdateUrlCacheContentPath
GetUrlCacheConfigInfoA
DeleteIE3Cache
CreateUrlCacheEntryW
CommitUrlCacheEntryA
FindCloseUrlCache

comctl32

InitCommonControlsEx

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0dcd32f3a473f910ecc994132d00459

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comdlg32

wininet

comctl32

Sections

.text Size: 196KB - Virtual size: 196KB

.rdata Size: 8KB - Virtual size: 14KB

.data Size: 359KB - Virtual size: 358KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 196KB - Virtual size: 196KB

.rdata
Size: 8KB - Virtual size: 14KB

.data
Size: 359KB - Virtual size: 358KB

.rsrc
Size: 6KB - Virtual size: 5KB