414e5e30431849d23f5ccea187c80112_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

414e5e30431849d23f5ccea187c80112_JaffaCakes118
Size

892KB
MD5

414e5e30431849d23f5ccea187c80112
SHA1

e8a45ccd1f5eb76d5f7c150b8b15d60998b41fe6
SHA256

e81ac525f9f56e0c9161e891b216804a88be8a1f8d02ed357d0b0269e829b4f1
SHA512

077b8eaf2e2ebc6a76414e2c629574f26762c8fa1830fa963ea647c3663ee90bfc395ade41262de2a3051db46f497df04e7a36f26689882ff4b5117a028c05ea
SSDEEP

12288:f/WuhbPpy9YYTa4uw4+Cygabfo7l5CQbQYHbYU4ltqCnuunzSHfk5lNTrO5aJDM0:GeQT3PKCwYQbQYHMU4eauQzcc5vTrOB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
414e5e30431849d23f5ccea187c80112_JaffaCakes118

Files

414e5e30431849d23f5ccea187c80112_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b48149043a60c6db6a7c23594dd2a820

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SetStdHandle
SetFilePointer
FlushFileBuffers
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
LocalFree
LeaveCriticalSection
GetProcAddress
LoadLibraryA
EnterCriticalSection
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetLastError
DisableThreadLibraryCalls
lstrlenW
InterlockedExchange
GetSystemInfo
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
QueryPerformanceCounter
VirtualProtect
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
Sleep
WriteFile
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleA
ExitProcess
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
LocalAlloc
HeapReAlloc
VirtualQuery
InterlockedCompareExchange

user32

GetFocus

gdi32

SetLayout

ole32

CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize

msvcrt

_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
exit
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_XcptFilter
_exit
_cexit
__getmainargs
puts
__p__commode

crypt32

CertFindAttribute

wintrust

WTHelperCertCheckValidSignature
WinVerifyTrust
WintrustRemoveActionID
WintrustAddActionID
WintrustLoadFunctionPointers
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

Sections

.text
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b48149043a60c6db6a7c23594dd2a820

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

msvcrt

crypt32

wintrust

Sections

.text Size: 256KB - Virtual size: 253KB

.rdata Size: 332KB - Virtual size: 331KB

.data Size: 260KB - Virtual size: 1.7MB

.rsrc Size: 40KB - Virtual size: 38KB

.text
Size: 256KB - Virtual size: 253KB

.rdata
Size: 332KB - Virtual size: 331KB

.data
Size: 260KB - Virtual size: 1.7MB

.rsrc
Size: 40KB - Virtual size: 38KB