405531541b30b8d68549bbcf0e9ac716_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

405531541b30b8d68549bbcf0e9ac716_JaffaCakes118
Size

134KB
MD5

405531541b30b8d68549bbcf0e9ac716
SHA1

d25ad7b5a7d0e0558d33927a844bcd9badab81fb
SHA256

7902c062278037b73f864e5df60db5fc2d503750e9b3b96db15c03a15de82ac5
SHA512

0ab68355c050f40249afa74d5a768676c113767b9b3d7c17b9f3dd1365e5fc125fa109f00e16581b5dc21b8da21e17d9ef397414aeb581b3b488c57e1f7c0255
SSDEEP

3072:VrapmFYGyFath2Sck9F55JoAdYjzvn341baJmEu2ZGnw:Vra2Yprk93oJv34wJmE0nw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
405531541b30b8d68549bbcf0e9ac716_JaffaCakes118

Files

405531541b30b8d68549bbcf0e9ac716_JaffaCakes118
.exe windows:0 windows x86 arch:x86

bc303011f9afc8282bbea3490f390519

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

UnregisterTraceGuids
IsTextUnicode
TraceEvent
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags

kernel32

GetFileType
UnhandledExceptionFilter
WriteConsoleW
ExpandEnvironmentStringsA
FormatMessageW
VirtualUnlock
LocalAlloc
VirtualAllocEx
WritePrivateProfileSectionA
EnterCriticalSection
CreateJobObjectA
FatalAppExitA
FindFirstFileW
FreeLibrary
DuplicateHandle
GetPrivateProfileIntW
GetConsoleOutputCP
WideCharToMultiByte
QueueUserAPC
ExitProcess
SetConsoleLocalEUDC
VerSetConditionMask
EnumCalendarInfoW
ReadConsoleW
CreateFileA
ReadFile
CreateDirectoryA
CloseHandle
GetConsoleFontInfo
GetCurrentProcessId
MulDiv
FindAtomA
GenerateConsoleCtrlEvent
ReleaseSemaphore
SetUnhandledExceptionFilter
WaitForSingleObject
WaitForMultipleObjects
GetStdHandle
GetCommandLineW
TerminateProcess
GetConsoleMode
CancelTimerQueueTimer
CommConfigDialogW
CreateEventW
DeleteCriticalSection
InterlockedDecrement
SetThreadUILanguage
LeaveCriticalSection
GetCurrentProcess
SetMessageWaitingIndicator
GlobalSize
WriteConsoleInputA
SetConsoleMode
EnumDateFormatsA
FindVolumeClose
WriteConsoleOutputAttribute
AreFileApisANSI
CreateHardLinkW
LockFile
ConvertThreadToFiber
EnumLanguageGroupLocalesA
AddConsoleAliasA
SetEvent
GetProcessHeap
InterlockedIncrement
SetStdHandle
GlobalAddAtomW
WritePrivateProfileStructW
GetACP
InterlockedCompareExchange
SetLastConsoleEventActive
GlobalGetAtomNameA
SetProcessWorkingSetSize
SetConsoleCtrlHandler
InterlockedExchange
GetPrivateProfileSectionA
SetConsoleScreenBufferSize
GetCommConfig
HeapSetInformation
Module32NextW
GetStartupInfoW
SetLastError
Sleep
MoveFileW
GetLastError
GetTickCount
HeapDestroy
SetFileApisToOEM
GetConsoleCursorInfo
Sleep
RemoveVectoredExceptionHandler
OutputDebugStringA
GetConsoleDisplayMode
LocalFlags
SetCommState
GetFileSize
LockResource
BindIoCompletionCallback
GetSystemTimeAsFileTime
LocalFree
QueryDosDeviceW
WriteConsoleOutputA
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter

msvcrt

isleadbyte
mbtowc
__mb_cur_max
_XcptFilter
_unlock
memcpy
malloc
memset
_strnicmp
_initterm
isxdigit
__CxxFrameHandler
_controlfp
_fileno
_lock
wcstombs
localeconv
_cexit
calloc
__dllonexit
_onexit
__badioinfo
_amsg_exit
_vsnwprintf
__pioinfo
__set_app_type
_purecall
exit
__wgetmainargs
_read
_wcsicmp
?terminate@@YAXXZ
_exit
wctomb
_wcsnicmp
isdigit
_errno
realloc
free
iswctype
__setusermatherr
ungetc

ntdll

RtlUnwind

user32

LoadStringA
LoadStringW

credui

CredUICmdLinePromptForCredentialsW

usp10

ScriptIsComplex
UspFreeMem
ScriptLayout
ScriptXtoCP

Sections

.Y
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ceyBRY
Size: 3KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.KK
Size: 1KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gB
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc303011f9afc8282bbea3490f390519

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

credui

usp10

Sections

.Y Size: 1KB - Virtual size: 1KB

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 4KB

.ceyBRY Size: 3KB - Virtual size: 48KB

.KK Size: 1KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 25KB

.gB Size: 3KB - Virtual size: 8KB

.rsrc Size: 95KB - Virtual size: 95KB

.Y
Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 4KB

.ceyBRY
Size: 3KB - Virtual size: 48KB

.KK
Size: 1KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 25KB

.gB
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 95KB - Virtual size: 95KB