3ea2504d607f37fa6576e07262e9501e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ea2504d607f37fa6576e07262e9501e_JaffaCakes118
Size

186KB
MD5

3ea2504d607f37fa6576e07262e9501e
SHA1

736780958a8060e77b00bac908c5059e049338f5
SHA256

9d9365756f438bef6e70a99c3f7280b83bdabe0c50af2c382cdd86754ed10e46
SHA512

a810df8b2cce9e190cb952b6841a1b69567dcae137e89a947e8bc165b6572d3982190bb682227685f68eaa516f30bfee9b58be39717ba4b7a73d5688587d4fc7
SSDEEP

3072:dLInZXhN7famP6SFt72pYItP2I2fTZrZvRcrswGkUelDFb:dMNemlaYIt+dZvyrGyl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ea2504d607f37fa6576e07262e9501e_JaffaCakes118

Files

3ea2504d607f37fa6576e07262e9501e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5c46704824b8e8226a1ab8a888507cd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

imagehlp

ImageGetDigestStream
ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData

advapi32

CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptAcquireContextA
CryptDestroyHash

psapi

GetProcessMemoryInfo

kernel32

GlobalUnlock
HeapDestroy
RemoveDirectoryW
SetFileAttributesW
InterlockedCompareExchange
GetFileSize
EndUpdateResourceW
LoadLibraryExW
GetOEMCP
GetLastError
IsDebuggerPresent
LoadLibraryA
CreateFiberEx
UnhandledExceptionFilter
EnumResourceLanguagesW
InterlockedDecrement
GetCurrentDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceCounter
BeginUpdateResourceW
OutputDebugStringA
FreeResource
GetSystemDirectoryA
GetFileInformationByHandle
GetTickCount
AreFileApisANSI
GetCommandLineW
DeleteCriticalSection
LoadLibraryExA
LockResource
GetFileAttributesA
RemoveDirectoryA
EscapeCommFunction
Sleep
TerminateProcess
GlobalLock
DeleteFileA
HeapAlloc
CreateFileW
GetTempPathW
EnumResourceNamesW
InterlockedIncrement
CopyFileW
GetEnvironmentVariableA
FindNextFileA
_lread
CreateFileMappingA
EnumResourceNamesA
DeleteFileW
GetCurrentProcess
GetThreadLocale
WriteFile
ReadFile
SetUnhandledExceptionFilter
_lclose
GetVersionExA
_lwrite
GetCurrentThreadId
UpdateResourceW
SetFilePointer
FindResourceExW
lstrcmpiA
EnumResourceTypesW
EnterCriticalSection
DebugBreak
CreateDirectoryA
InitializeCriticalSection
CopyFileA
SizeofResource
GetFullPathNameA
CreateDirectoryW
HeapSize
MultiByteToWideChar
FindFirstFileW
GlobalAlloc
GetFullPathNameW
_llseek
GetVersionExW
LoadResource
FindNextFileW
ExitProcess
FatalExit
SetEndOfFile
FormatMessageW
MapViewOfFile
FindClose
GlobalFree
GetLocaleInfoA
FindResourceW
lstrlenW
FreeLibrary
MoveFileW
LeaveCriticalSection
GetVersion
GetCurrentProcessId
GetStringTypeExW
WideCharToMultiByte
GetTempFileNameW
CloseHandle
FindFirstFileA
InterlockedExchange
GetFileAttributesW
LocalFree
GetModuleHandleW
GetProcessHeap
GetACP
RaiseException
CreateFileA
UnmapViewOfFile
HeapReAlloc
lstrlenA
GetProcAddress
HeapFree
SetLastError
SetFileAttributesA
lstrcpyA

shell32

CommandLineToArgvW

msvfw32

ICInfo

user32

MonitorFromWindow
wsprintfW
CharNextA
CharNextW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5c46704824b8e8226a1ab8a888507cd

Headers

File Characteristics

Imports

imagehlp

advapi32

psapi

kernel32

shell32

msvfw32

user32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 19KB

.lib Size: 512B - Virtual size: 76KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 19KB

.lib
Size: 512B - Virtual size: 76KB