5690b76c5f85834e13135606b5a5c99d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5690b76c5f85834e13135606b5a5c99d_JaffaCakes118
Size

405KB
MD5

5690b76c5f85834e13135606b5a5c99d
SHA1

9215fc3bd5418f0aac3b258996099bd24b812c1b
SHA256

dec1161db7748cb09e74813d4387af865646519dd0d5fdfc231dce3d48ce6d8b
SHA512

97bb9f8b5864f89d2c7dfad46f290e93b4b6cff6c3ad20be2a6d475dd75f778651ffca600c2c3578c34ed6083a28d87e350610aae0ba14536047f23aa84c3320
SSDEEP

6144:YIwtgQPbe4uesfJIM/x6VW3LOlbzYiZqpx93JutH9xgbd5Ji2Ig+eV/:YxtNztZsKLg7OZcEqVJut/4tizg+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5690b76c5f85834e13135606b5a5c99d_JaffaCakes118

Files

5690b76c5f85834e13135606b5a5c99d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

20b35003e448e3c5d64b0e632a4260ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoW
GetStringTypeA
SetThreadLocale
GetCPInfo
GetEnvironmentStringsW
CreateProcessA
HeapAlloc
LoadLibraryA
ExitThread
TlsFree
GetTimeFormatA
FindFirstFileExW
EnumDateFormatsA
FreeLibrary
InterlockedExchange
SetHandleCount
SetTimeZoneInformation
GetOEMCP
GetStartupInfoA
GetVolumeInformationA
WideCharToMultiByte
TlsGetValue
GetStdHandle
DeleteCriticalSection
lstrcatA
HeapCreate
GetCommandLineA
GetLastError
GetProcAddress
MoveFileExW
GetFileType
HeapFree
ReadConsoleW
GetEnvironmentStrings
PulseEvent
HeapDestroy
VirtualQuery
TlsAlloc
InitializeCriticalSection
UnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
FlushConsoleInputBuffer
GetCurrentThread
HeapReAlloc
SetLastError
ExitProcess
FlushFileBuffers
lstrlen
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
LeaveCriticalSection
GetModuleHandleA
FreeEnvironmentStringsW
LCMapStringA
LCMapStringW
GetCurrentThreadId
VirtualFree
GetStringTypeW
CreateFileW
GetACP
GetCurrentProcessId
GetModuleFileNameA
MultiByteToWideChar
GetProcessHeap
GetEnvironmentStringsA
GetTickCount
GetVersion
WaitNamedPipeW
FreeEnvironmentStringsA
WriteFile
TlsSetValue
RtlUnwind
EnterCriticalSection
GetSystemTimeAsFileTime

gdi32

AddFontResourceA
SetRectRgn
SetWinMetaFileBits
EndPath
GetOutlineTextMetricsA
SetPixelV
GetMetaFileBitsEx
CreatePatternBrush
CopyMetaFileA
GetCurrentPositionEx
GetBitmapDimensionEx
SetBkColor
GetBrushOrgEx
AbortDoc
CreateEnhMetaFileA
ArcTo
CreateFontW
CreatePenIndirect
RemoveFontResourceA
Chord
GetCharWidthFloatA
SetWindowOrgEx
SetLayout
GetDIBits

comdlg32

ChooseFontW
GetSaveFileNameA
FindTextW
GetOpenFileNameW
PageSetupDlgW
GetFileTitleW
PageSetupDlgA
ChooseFontA
LoadAlterBitmap
ChooseColorA
ReplaceTextA
GetOpenFileNameA
GetFileTitleA

advapi32

RegQueryValueExA
RegFlushKey
RegEnumValueW
RegConnectRegistryA
LookupPrivilegeNameA
StartServiceA
CryptExportKey
RegSetKeySecurity
CryptGetKeyParam
RegCloseKey
RegReplaceKeyA
StartServiceW
CreateServiceA
CryptGenRandom
CryptEnumProviderTypesW
RegQueryInfoKeyW
RegOpenKeyA
InitiateSystemShutdownA
RegCreateKeyExW
RegCreateKeyExA
CryptEnumProvidersW
LookupAccountSidA
CryptGetDefaultProviderA
CryptVerifySignatureW
CryptImportKey

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b35003e448e3c5d64b0e632a4260ef

Headers

File Characteristics

Imports

kernel32

gdi32

comdlg32

advapi32

Sections

.text Size: 95KB - Virtual size: 95KB

.data Size: 301KB - Virtual size: 301KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 95KB - Virtual size: 95KB

.data
Size: 301KB - Virtual size: 301KB

.rsrc
Size: 7KB - Virtual size: 7KB