3ed4d87303bb5a69fb11bacd4e1cb859_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ed4d87303bb5a69fb11bacd4e1cb859_JaffaCakes118
Size

461KB
MD5

3ed4d87303bb5a69fb11bacd4e1cb859
SHA1

b462681735572ba96d92a3d703d54559bad0b8f5
SHA256

1a378dabcc1ce75a73f1621c78d4b8effd736658efb19c2c0f45642e3b9371c4
SHA512

5736c57783a23db5cccedede737ee7409ed04e2828882be7da22b83c63da0d05a5068a00310aa15052b6db54d91759993be34dc9f8931c7e5b8c3710fe2c9372
SSDEEP

12288:rpYENvalDBy3hURZ8BcHNIdjNJAqJTrRODp/eCP2:uevmnRZ8BUWjNJiDZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ed4d87303bb5a69fb11bacd4e1cb859_JaffaCakes118

Files

3ed4d87303bb5a69fb11bacd4e1cb859_JaffaCakes118
.exe windows:4 windows x86 arch:x86

644aac11a63f7d09822df0f5e63016c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetStartupInfoA
GetFileAttributesExA
GetPrivateProfileSectionW
GetEnvironmentStringsW
WriteConsoleInputW
HeapAlloc
UnhandledExceptionFilter
SetHandleCount
IsValidCodePage
Sleep
SetEnvironmentVariableW
FillConsoleOutputAttribute
DeleteCriticalSection
SetConsoleCtrlHandler
SetEnvironmentVariableA
CompareStringA
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDriveStringsW
LeaveCriticalSection
FreeEnvironmentStringsW
GetProcessHeap
FreeLibrary
ReleaseSemaphore
GetStringTypeW
SetUnhandledExceptionFilter
GetLastError
GetProcAddress
FindNextFileW
GetFileType
TlsGetValue
SetPriorityClass
FreeEnvironmentStringsA
ReadConsoleInputW
GetTimeFormatA
VirtualQuery
IsDebuggerPresent
TlsFree
LCMapStringA
CompareStringW
GetUserDefaultLCID
SetLastError
GetEnvironmentStrings
HeapReAlloc
InterlockedIncrement
ExitProcess
WriteProfileStringW
FileTimeToDosDateTime
VirtualAlloc
TlsSetValue
QueryPerformanceCounter
GetCurrentProcess
HeapSize
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapCreate
GetCurrentThreadId
LCMapStringW
WideCharToMultiByte
EnumSystemLocalesA
GetCurrentThread
GetCurrentProcessId
GetModuleFileNameA
InitializeCriticalSection
EnterCriticalSection
WaitCommEvent
GetTickCount
GetStringTypeA
HeapDestroy
GetCPInfo
MultiByteToWideChar
IsValidLocale
RtlUnwind
GetACP
GetSystemTimeAsFileTime
InterlockedExchange
InterlockedDecrement
EnumSystemCodePagesA
FindFirstFileExA
GetDateFormatA
WriteFile
GetStdHandle
GetTimeZoneInformation
HeapFree
TerminateProcess
LoadLibraryA
SystemTimeToTzSpecificLocalTime
TlsAlloc
VirtualFree

shell32

ShellExecuteExA
ExtractAssociatedIconA
SHGetSpecialFolderPathA
SHFreeNameMappings
SHQueryRecycleBinA
SHGetDiskFreeSpaceA
SHGetSettings
InternalExtractIconListW
FindExecutableW
SHGetPathFromIDListA

advapi32

AbortSystemShutdownW
RegSetKeySecurity
RegOpenKeyExA
RegQueryValueExA
InitiateSystemShutdownW
CryptVerifySignatureA
LookupPrivilegeDisplayNameA
RegDeleteKeyW
RegOpenKeyW
CryptEnumProviderTypesA
CryptAcquireContextW
DuplicateToken

gdi32

SetGraphicsMode
GetMiterLimit
GetCharABCWidthsFloatW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

644aac11a63f7d09822df0f5e63016c3

Headers

File Characteristics

Imports

kernel32

shell32

advapi32

gdi32

Sections

.text Size: 134KB - Virtual size: 134KB

.data Size: 311KB - Virtual size: 311KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 134KB - Virtual size: 134KB

.data
Size: 311KB - Virtual size: 311KB

.rsrc
Size: 14KB - Virtual size: 14KB