3a7db303fbdd7c41c65dabdbdbd230e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a7db303fbdd7c41c65dabdbdbd230e6_JaffaCakes118
Size

409KB
MD5

3a7db303fbdd7c41c65dabdbdbd230e6
SHA1

491892c1d06abf8818dc1b30d299a8771906872e
SHA256

f7951e6743fbc9da8283365667912affbe66a93b3879a62927752014415d3529
SHA512

43886502471bdc148c2e73ad594534f6833cd5c22ea1ddb8604617d98234b414fa138b27841a988a5a7fcc62ba2a154f68f3fc4abf29d2342dfaa4b5f26b124b
SSDEEP

12288:VG8mEX8uaZmIWHcfgak4ODFTO5bgC/ztlIqhplRCLpN:xi/cEDRC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a7db303fbdd7c41c65dabdbdbd230e6_JaffaCakes118

Files

3a7db303fbdd7c41c65dabdbdbd230e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29e20479b5168274b7398467c2346c01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupSecurityDescriptorPartsW
LookupPrivilegeValueW
CryptEncrypt
CreateServiceA
CryptGetKeyParam
RegDeleteKeyW
CryptSetProviderA
RegReplaceKeyA
DuplicateTokenEx
CryptSignHashA
RegRestoreKeyW

shell32

SHGetPathFromIDList
RealShellExecuteExW
SHBrowseForFolderA
RealShellExecuteW
SheChangeDirA
SHGetPathFromIDListA
SHGetSpecialFolderPathW
DoEnvironmentSubstW
ExtractIconEx
SHGetInstanceExplorer
DragQueryPoint
CommandLineToArgvW
SheSetCurDrive
RealShellExecuteExA
ExtractAssociatedIconExW
SheGetDirA

wininet

GopherGetLocatorTypeW
InternetCanonicalizeUrlA
InternetInitializeAutoProxyDll
SetUrlCacheEntryGroup
FindFirstUrlCacheGroup
DeleteUrlCacheEntryW
FindNextUrlCacheEntryA

user32

GetKeyState
ReleaseDC
GetWindowContextHelpId
GetPropW
GetCapture

kernel32

CompareStringW
GetSystemInfo
EnumTimeFormatsA
TlsAlloc
FreeEnvironmentStringsA
IsBadWritePtr
HeapAlloc
GetProfileSectionW
GetCurrentThread
WriteFile
GetCPInfo
RtlUnwind
TerminateProcess
LoadLibraryW
GetFileType
SetHandleCount
SetEnvironmentVariableA
GetUserDefaultLCID
HeapReAlloc
GetLocaleInfoW
GetStringTypeW
GetStringTypeExW
LoadLibraryA
MultiByteToWideChar
DeleteCriticalSection
FileTimeToSystemTime
ReadFileEx
LCMapStringA
GetStdHandle
QueryPerformanceCounter
HeapFree
FreeEnvironmentStringsW
GetCurrentProcessId
ReadConsoleInputA
TlsGetValue
GetDateFormatA
GetACP
InitializeCriticalSection
GetProcAddress
GetModuleFileNameA
CreateSemaphoreW
InterlockedExchange
GetStartupInfoA
VirtualAlloc
LeaveCriticalSection
SetTimeZoneInformation
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTempFileNameW
VirtualProtect
GetTickCount
IsBadReadPtr
HeapCreate
SystemTimeToFileTime
GetLastError
IsValidLocale
LocalUnlock
WideCharToMultiByte
IsValidCodePage
VirtualFree
GetVersionExA
GetCurrentProcess
GetLocaleInfoA
LCMapStringW
GetOEMCP
HeapDestroy
GetCurrentThreadId
HeapSize
GlobalFlags
GetTimeZoneInformation
SetWaitableTimer
SetPriorityClass
VirtualQuery
GetModuleHandleA
GetStringTypeA
TlsSetValue
GetEnvironmentStrings
EnterCriticalSection
GetEnvironmentStringsW
GetCommandLineA
WaitNamedPipeA
EnumSystemLocalesA
GetNamedPipeHandleStateW
lstrcatA
SetLastError
GetThreadContext
CompareStringA
GetTimeFormatA
TlsFree
ExitProcess

gdi32

GdiFlush
LPtoDP
CreateColorSpaceW
Rectangle
EqualRgn
CombineRgn
GetCharWidthFloatW

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29e20479b5168274b7398467c2346c01

Headers

File Characteristics

Imports

advapi32

shell32

wininet

user32

kernel32

gdi32

Sections

.text Size: 133KB - Virtual size: 133KB

.data Size: 272KB - Virtual size: 281KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 133KB - Virtual size: 133KB

.data
Size: 272KB - Virtual size: 281KB

.rsrc
Size: 3KB - Virtual size: 2KB