3eb5b27fe3af3ff4288b17b61a07016a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3eb5b27fe3af3ff4288b17b61a07016a_JaffaCakes118
Size

393KB
MD5

3eb5b27fe3af3ff4288b17b61a07016a
SHA1

a022b78a4b36a1ce1d9d61126fdacf599402ee5b
SHA256

6be5c777dc9ad7d98d4851e458aa7ae68d899f6f27f55a3a742e505d5515db5c
SHA512

9f99d7d9ae26877242a2c4d888855737212927579c79f52dada463b120e515efc18c6f2897395207b7035a66dced6e23cf1c98e74072b18dd825ebb3d8817ea3
SSDEEP

12288:pSVuxlTcViV6or9luvSXHBrmyi1NMYkg:OuxlYg3DuvSXa6h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3eb5b27fe3af3ff4288b17b61a07016a_JaffaCakes118

Files

3eb5b27fe3af3ff4288b17b61a07016a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

394423be307a7e55dde8fc2456b85e8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
GetFileAttributesW
GetVersionExW
GetSystemInfo
VirtualQuery
GetLastError
GetProcAddress
LoadLibraryW
WideCharToMultiByte
lstrlenW
GetVersionExA
MultiByteToWideChar
LeaveCriticalSection
LocalAlloc
CreateThread
CreateEventW
GetModuleFileNameW
WaitForSingleObject
GetVersion
IsBadReadPtr
InterlockedIncrement
FreeLibraryAndExitThread
ReleaseMutex
MulDiv
WaitForMultipleObjects
ResetEvent
SetEvent
EnterCriticalSection
LocalReAlloc
Sleep
GetTickCount
SetHandleInformation
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
LoadLibraryA
InitializeCriticalSection
UnhandledExceptionFilter
GetModuleHandleA
OutputDebugStringA
BackupWrite
FindFirstFileW
FindNextFileW
FindClose
BackupRead
DeleteFileW
VirtualAlloc
CreateDirectoryW
SetFileAttributesW
SetLastError
WriteFile
SetThreadExecutionState
LocalFree
CreateFileW
DeviceIoControl
CloseHandle
FreeLibrary
GetCommandLineA
VirtualProtect
VirtualFree
WriteFileEx
GetStartupInfoA

user32

DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx

advapi32

RegOpenKeyExW
RegEnumValueA
RegCreateKeyExW
AllocateAndInitializeSid
BuildTrusteeWithSidW
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
TraceMessage
RegCloseKey
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA

ole32

CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
wcsncmp
_wcsupr
wcschr
_wcsicmp
memcpy
free
memset
_wcsnicmp
_wcslwr
wcsstr
_strlwr
_strnicmp
toupper
_strupr
atoi
strstr
strchr
strtok
_stricmp
malloc
calloc
_vsnprintf
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs

Sections

.text
Size: 378KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

394423be307a7e55dde8fc2456b85e8d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcr71

Sections

.text Size: 378KB - Virtual size: 377KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 292KB

.sxdata Size: 512B - Virtual size: 8B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 378KB - Virtual size: 377KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 292KB

.sxdata
Size: 512B - Virtual size: 8B

.rsrc
Size: 9KB - Virtual size: 8KB