431ae54f76c91ae96693950535bab61e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

431ae54f76c91ae96693950535bab61e_JaffaCakes118
Size

232KB
MD5

431ae54f76c91ae96693950535bab61e
SHA1

f9ddad79f5fa0850daee8f510742d83c23a24c10
SHA256

745b4b6fc4dd12db9dd000b9d2c36581ca8442ebd001439132f431a9afa7591a
SHA512

c48a933ac9e4c94b6f4f407d62289f6489ed3e3a3a5c8580975e0c85d72a329d6486be2a10181591f885a3274c28b3c9e53a85ad24b457cde9e9aca889a715f8
SSDEEP

6144:hKvSPbdxN8Sb5N3iQtzeDPAlFc/ysce+I:hKvSPLN8m595Z+PEYy3e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
431ae54f76c91ae96693950535bab61e_JaffaCakes118

Files

431ae54f76c91ae96693950535bab61e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3976c1026edc2539f6a5d3e8e7d510d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

CommandLineToArgvW

msvfw32

ICInfo

kernel32

QueryPerformanceCounter
FindFirstFileA
RaiseException
FindResourceW
GlobalLock
DebugBreak
FindNextFileA
HeapAlloc
RemoveDirectoryA
FindResourceExW
MapViewOfFile
GlobalAlloc
_lclose
DeleteFileW
HeapSize
GetFileSize
EnumResourceNamesW
SetFilePointer
AreFileApisANSI
SetLastError
CreateFiberEx
FreeResource
CreateFileMappingA
GetFileAttributesW
GetModuleHandleW
CreateFileA
GetSystemTimeAsFileTime
GetFullPathNameW
HeapDestroy
GetTickCount
GetProcAddress
lstrlenW
SetFileAttributesA
SetEndOfFile
GetCurrentThreadId
GetCurrentProcessId
CreateFileW
EnterCriticalSection
EscapeCommFunction
TerminateProcess
GetLastError
GetSystemDirectoryA
UnmapViewOfFile
CopyFileW
GetVersion
SizeofResource
GetStringTypeExW
IsDebuggerPresent
EnumResourceNamesA
GetCurrentProcess
InterlockedCompareExchange
lstrlenA
CreateDirectoryW
GetACP
DeleteFileA
_llseek
InterlockedExchange
LockResource
_lwrite
GetCurrentDirectoryW
EnumResourceTypesW
GetThreadLocale
HeapReAlloc
GlobalFree
GetVersionExA
UnhandledExceptionFilter
ExitProcess
UpdateResourceW
LoadResource
MultiByteToWideChar
LoadLibraryExA
RemoveDirectoryW
CopyFileA
GetOEMCP
GetEnvironmentVariableA
DeleteCriticalSection
CloseHandle
Sleep
GetTempFileNameW
GetFileAttributesA
CreateDirectoryA
FatalExit
FindClose
LocalFree
LoadLibraryExW
SetFileAttributesW
GetTempPathW
ReadFile
_lread
GetVersionExW
WideCharToMultiByte
HeapFree
FindNextFileW
MoveFileW
GetProcessHeap
InitializeCriticalSection
GetFileInformationByHandle
EndUpdateResourceW
FreeLibrary
FormatMessageW
lstrcmpiA
InterlockedDecrement
OutputDebugStringA
LeaveCriticalSection
InterlockedIncrement
BeginUpdateResourceW
LoadLibraryA
FindFirstFileW
GetCommandLineW
GetFullPathNameA
EnumResourceLanguagesW
GlobalUnlock
SetUnhandledExceptionFilter
WriteFile
GetLocaleInfoA
lstrcpyA

user32

MonitorFromWindow
wsprintfW
CharNextA
CharNextW

advapi32

CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA
CryptGetHashParam
CryptDestroyHash

psapi

GetProcessMemoryInfo

imagehlp

ImageRvaToVa
ImageGetDigestStream
ImageNtHeader
ImageDirectoryEntryToData

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3976c1026edc2539f6a5d3e8e7d510d7

Headers

File Characteristics

Imports

shell32

msvfw32

kernel32

user32

advapi32

psapi

imagehlp

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 31KB - Virtual size: 31KB

.lib Size: 512B - Virtual size: 60KB

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 31KB - Virtual size: 31KB

.lib
Size: 512B - Virtual size: 60KB