39b10e934571361a0b24a3840366ea65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

39b10e934571361a0b24a3840366ea65_JaffaCakes118
Size

401KB
MD5

39b10e934571361a0b24a3840366ea65
SHA1

da5cf7dfe823ce50c024157db562bb9968c14657
SHA256

cf1a65d37c9a3b32357adafe3a68cac30864ef053abdeab2501d3946fa0616b1
SHA512

8f3775756fd4267b7319da3d1343389af5c17702c84cc26899fb7d5f826c10e7e38c4b3cebf4805b96bc45310552c9bf7b71f6a43ea9deefe40f86bfb2d322d2
SSDEEP

12288:XuW0zOqpoo9Omz0xw6d8H90X0FL53ICwwW/RoAHX:XV06qpB4LC+8HSEFl5S/PH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39b10e934571361a0b24a3840366ea65_JaffaCakes118

Files

39b10e934571361a0b24a3840366ea65_JaffaCakes118
.exe windows:4 windows x86 arch:x86

14bc9f4c668f6fc3e8d67805dfc96ab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MsgWaitForMultipleObjectsEx
SetParent

advapi32

RevertToSelf
CryptDestroyHash
LookupAccountNameW
CryptImportKey
InitializeSecurityDescriptor

shell32

SHInvokePrinterCommandA
DragQueryFileW
SHGetFileInfo
ShellExecuteA
SHGetDataFromIDListA
SHGetSpecialFolderLocation
SHFileOperationA
SHGetSpecialFolderPathW
InternalExtractIconListW
ShellExecuteEx
SHQueryRecycleBinW
ShellExecuteExA
DragQueryPoint
ExtractAssociatedIconExW
SHGetPathFromIDListW
SHBrowseForFolderA
SHGetMalloc
SheSetCurDrive
InternalExtractIconListA
ShellExecuteExW
SHGetSpecialFolderPathA
ExtractIconA
CheckEscapesW
SheChangeDirExW
FindExecutableA

gdi32

CancelDC
GetPixelFormat
GetCharABCWidthsA
GetDIBColorTable
PaintRgn

kernel32

HeapCreate
IsValidLocale
GetCurrentThreadId
GetOEMCP
GetTimeZoneInformation
FileTimeToSystemTime
GetStringTypeA
CompareStringA
HeapFree
CreateDirectoryW
DeleteCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
GetFileType
GetStartupInfoW
SleepEx
VirtualFree
GetCommandLineW
EnumSystemLocalesA
TlsSetValue
GetModuleFileNameA
FreeEnvironmentStringsW
GetTickCount
GetLocaleInfoA
VirtualProtect
IsDebuggerPresent
EnterCriticalSection
SetEnvironmentVariableA
RtlUnwind
CommConfigDialogW
GetModuleHandleA
FindResourceW
InitializeCriticalSection
EnumSystemCodePagesA
FreeEnvironmentStringsA
LoadLibraryA
HeapAlloc
GetCPInfo
GetUserDefaultLCID
GetModuleFileNameW
HeapSize
GetFileAttributesW
LeaveCriticalSection
GetSystemDirectoryW
MultiByteToWideChar
TlsAlloc
GetCurrentProcessId
InterlockedExchange
ResumeThread
EnumDateFormatsA
GetProcAddress
TerminateProcess
HeapDestroy
CopyFileA
GetVersionExA
FreeLibraryAndExitThread
VirtualAlloc
TlsFree
GetStringTypeW
ExitProcess
GetDateFormatA
IsValidCodePage
IsBadWritePtr
GetSystemTimeAsFileTime
CompareStringW
GetLocaleInfoW
GetEnvironmentStrings
GetStdHandle
SystemTimeToFileTime
TlsGetValue
GetCurrentThread
SetHandleCount
VirtualQuery
QueryPerformanceCounter
GetLastError
SetLastError
GetSystemInfo
GetACP
GetTimeFormatA
WideCharToMultiByte
lstrcpynA
GetPriorityClass
LoadLibraryExW
GetNamedPipeHandleStateW
WriteFile
GetThreadTimes
HeapReAlloc
LCMapStringA
GetEnvironmentStringsW
LCMapStringW
OutputDebugStringW
GetCommandLineA
GetStartupInfoA

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14bc9f4c668f6fc3e8d67805dfc96ab3

Headers

File Characteristics

Imports

user32

advapi32

shell32

gdi32

kernel32

Sections

.text Size: 121KB - Virtual size: 120KB

.data Size: 272KB - Virtual size: 287KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 121KB - Virtual size: 120KB

.data
Size: 272KB - Virtual size: 287KB

.rsrc
Size: 7KB - Virtual size: 7KB