54b003bfeb85fe13b7ea4a6a066898bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

54b003bfeb85fe13b7ea4a6a066898bb_JaffaCakes118
Size

431KB
MD5

54b003bfeb85fe13b7ea4a6a066898bb
SHA1

1b3e64425773e4a5f8d4dfa62b9a5922f126a769
SHA256

e4c8f7fb9fc24131bf328f5b55131151521adb6730cc674a6aeeef80be28e9a6
SHA512

38454b5e3962842a44960bd8d69dfb9d4a99d3f10e17bbf3a475c8b4bf433624dc284e1c77844472710c57a75afc70d1f98434e64a99a559ef2d35b482aaf21f
SSDEEP

12288:rMYqMiLgsWbOSdh10J7DCgpwgPq4jFKX:pALgsW/h10J7egpwgN5I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54b003bfeb85fe13b7ea4a6a066898bb_JaffaCakes118

Files

54b003bfeb85fe13b7ea4a6a066898bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c0248d9205390649a42c702d7a45bb1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
lstrlen
InitializeCriticalSectionAndSpinCount
FindClose
RtlUnwind
GetModuleHandleW
RemoveDirectoryA
GetCurrentProcess
GetEnvironmentStringsW
VirtualAlloc
IsDebuggerPresent
HeapDestroy
HeapReAlloc
GetCPInfo
DeleteFiber
GetACP
LoadLibraryW
InterlockedIncrement
GetModuleFileNameA
CompareStringW
GetModuleFileNameW
ExitProcess
EnumSystemLocalesA
GetLocaleInfoW
WriteFile
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetFileType
GetProfileIntW
GetTimeFormatA
QueryPerformanceCounter
SetLastError
LCMapStringW
FlushConsoleInputBuffer
LCMapStringA
SetEnvironmentVariableA
WaitForSingleObject
HeapAlloc
GetCurrentThread
HeapFree
SetCurrentDirectoryW
VirtualFree
GetCurrentProcessId
GetCompressedFileSizeW
GetStartupInfoA
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetThreadContext
FreeEnvironmentStringsW
GetStartupInfoW
CompareStringA
TlsGetValue
LeaveCriticalSection
CreateFileW
TryEnterCriticalSection
UnhandledExceptionFilter
TlsSetValue
TlsFree
GetLastError
CreateWaitableTimerA
IsValidLocale
GetDiskFreeSpaceW
CreateMutexA
TlsAlloc
GetStringTypeA
GetProcAddress
FreeLibrary
GetCommandLineW
GetOEMCP
HeapSize
InterlockedExchange
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetDateFormatA
VirtualQuery
SetHandleCount
SetConsoleCtrlHandler
SetThreadContext
InterlockedDecrement
GetCurrentThreadId
GetUserDefaultLCID
WaitForSingleObjectEx
TerminateProcess
EnterCriticalSection
HeapCreate
Sleep
GetModuleHandleA
IsValidCodePage
GetLocaleInfoA
GetStdHandle

advapi32

RegDeleteKeyA
RegEnumKeyExA
LookupAccountSidW
CryptDuplicateHash
CryptReleaseContext
CryptSetHashParam
LookupAccountSidA
CryptGenKey
RegSaveKeyW
CryptGetProvParam
RegConnectRegistryW
RegQueryMultipleValuesW
CryptSetProviderExA
RegEnumValueW
LookupPrivilegeValueW
InitializeSecurityDescriptor
CryptGetHashParam
RegLoadKeyW
CryptEnumProviderTypesW
RegQueryValueExW

shell32

ShellExecuteExA
InternalExtractIconListA
FindExecutableW
SHGetFileInfoW
DragQueryFileAorW
SHGetPathFromIDList
ShellExecuteW
DragQueryPoint
SheChangeDirExW
SHFileOperationW
SheChangeDirA
ExtractAssociatedIconW
DragFinish
FreeIconList
DragQueryFile
SHAddToRecentDocs
SHAppBarMessage
SHEmptyRecycleBinW
SHGetDiskFreeSpaceA

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c0248d9205390649a42c702d7a45bb1

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

Sections

.text Size: 152KB - Virtual size: 151KB

.data Size: 275KB - Virtual size: 275KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 152KB - Virtual size: 151KB

.data
Size: 275KB - Virtual size: 275KB

.rsrc
Size: 3KB - Virtual size: 2KB