560c4caf136bec1724ea3cf5d3928545_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

560c4caf136bec1724ea3cf5d3928545_JaffaCakes118
Size

582KB
MD5

560c4caf136bec1724ea3cf5d3928545
SHA1

101a5fbba2c7550b936637a6a1d611c0436651be
SHA256

d21cdddb42efac730587bea354a94079b4370e4e2cde9821a7c3cc5787511e58
SHA512

ef1f068e641b373f156a578982f3db2ad04e0f22836d0a2205a549bc9753428e3f9f3e7bf9bb90214f05d46c1a115327d00dad2b8e18263aeed8b7e0f130409a
SSDEEP

12288:347GZk13sWgQE/AWWmkOdJs2ceo2eiQV+p9b9yf8gJE4UHC06qDkPDIbnHnKWnMX:QBAQOTpQhEkDyMIHnKWS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
560c4caf136bec1724ea3cf5d3928545_JaffaCakes118

Files

560c4caf136bec1724ea3cf5d3928545_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d3e32655c5a3cdd51d76ec3e24ed68d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemLocalesA
AddAtomW
GetStartupInfoA
GlobalDeleteAtom
RtlUnwind
GetConsoleMode
GetSystemTimeAdjustment
GetCurrentProcess
FreeLibrary
VirtualAlloc
GetStringTypeW
lstrlenA
HeapReAlloc
DeleteCriticalSection
GetUserDefaultLCID
DebugBreak
SetConsoleCursorInfo
SetConsoleCtrlHandler
GetModuleFileNameA
GetPrivateProfileStructW
SetStdHandle
RaiseException
CompareStringA
GetCommandLineA
MultiByteToWideChar
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetACP
CompareFileTime
GetFileType
QueryPerformanceCounter
IsBadReadPtr
WriteConsoleA
SetEnvironmentVariableA
TlsGetValue
InterlockedDecrement
FindFirstFileW
HeapAlloc
FlushFileBuffers
HeapFree
SetComputerNameA
LeaveCriticalSection
GetCurrentProcessId
CreateRemoteThread
GetConsoleOutputCP
LoadLibraryW
HeapValidate
GetEnvironmentStringsW
WideCharToMultiByte
CompareStringW
GetCurrentThread
OpenFile
IsValidLocale
TlsAlloc
DeleteFiber
FreeEnvironmentStringsW
LCMapStringW
LCMapStringA
IsValidCodePage
OutputDebugStringA
WriteConsoleInputW
TlsFree
OutputDebugStringW
VirtualProtectEx
ContinueDebugEvent
GetEnvironmentStrings
GetProcAddress
CreateFileA
EnterCriticalSection
GetUserDefaultLangID
GetProcessHeap
InterlockedExchange
SetFilePointer
IsDebuggerPresent
FreeEnvironmentStringsA
VirtualQuery
InterlockedIncrement
InitializeCriticalSection
DebugActiveProcess
GetStdHandle
GetCurrentThreadId
WriteFile
EnumDateFormatsExA
TerminateProcess
CloseHandle
GetModuleFileNameW
LocalFree
SetHandleCount
GetTimeFormatA
GetCPInfo
GetDateFormatA
GetLocaleInfoA
ExitProcess
GetStringTypeA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetConsoleCP
SetLastError
HeapDestroy
GetTimeZoneInformation
GetVersionExA
GetOEMCP
GetLastError
WriteConsoleW
CreateNamedPipeW
HeapCreate
TlsSetValue
GetLocaleInfoW
VirtualFree

shell32

RealShellExecuteExW
DragAcceptFiles
SHGetSettings
ExtractIconA
SHInvokePrinterCommandW
DragFinish
SHLoadInProc
SHFileOperation
DragQueryFileAorW
SheChangeDirExW

comdlg32

FindTextA
ChooseFontA
GetFileTitleW
GetOpenFileNameW
ChooseFontW
PageSetupDlgA
PrintDlgA
GetOpenFileNameA
ReplaceTextA
FindTextW
GetSaveFileNameA
PageSetupDlgW
ChooseColorW
GetSaveFileNameW
LoadAlterBitmap
PrintDlgW

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3e32655c5a3cdd51d76ec3e24ed68d2

Headers

File Characteristics

Imports

kernel32

shell32

comdlg32

Sections

.text Size: 266KB - Virtual size: 265KB

.data Size: 312KB - Virtual size: 323KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 266KB - Virtual size: 265KB

.data
Size: 312KB - Virtual size: 323KB

.rsrc
Size: 3KB - Virtual size: 3KB