56fdf1479caec65eb44c36869a36e1fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56fdf1479caec65eb44c36869a36e1fe_JaffaCakes118
Size

145KB
MD5

56fdf1479caec65eb44c36869a36e1fe
SHA1

b845bed85033eebfecb2177def0620b91495a00c
SHA256

ff6db574868b00d9b0fd72571deebb3a057f33370d6288055e346f14f66ac42c
SHA512

ccbf5e863d0d97e4f8a3c72bef11091bb2a8a5c494eb5c42a0e7835169802793214e5d3f6cc2107d73937f25ab52a958ec3bf1187debb4882e16527573ad26ec
SSDEEP

3072:YKT+Zkjy6qKhYSJB09aCej+5BZgzYAFrqCnnRLaAZh5iXYXKLRP:KmMFKB0QCdBIYAF/7Qom9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56fdf1479caec65eb44c36869a36e1fe_JaffaCakes118

Files

56fdf1479caec65eb44c36869a36e1fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b98dae965683df98cf6fe17d694a1f0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
OpenThread
CreateMutexA
LCMapStringA
GetThreadLocale
ReadFile
GetFileSize
GetTempPathW
HeapReAlloc
FormatMessageA
SetInformationJobObject
RaiseException
CreateProcessA
DeviceIoControl
LocalFree
ReleaseSemaphore
HeapAlloc
CreateDirectoryExW
GlobalWire
InterlockedExchange
GetTempPathA
FreeLibrary
SearchPathW
FreeEnvironmentStringsW
GetLongPathNameW
WriteFile
GetShortPathNameW
SetFilePointer
GetCommandLineA
GetLogicalDriveStringsA
GlobalMemoryStatusEx
GetCurrentProcessId
SetLastError
GetStartupInfoA
GetProcAddress
ExitProcess
CompareFileTime
GetStringTypeW
GetDiskFreeSpaceW
GetFileSizeEx
SetConsoleWindowInfo
MapViewOfFile
LCMapStringW
GetStringTypeA
CreateFileA
TermsrvAppInstallMode
GetTempFileNameW
CreateFileMappingA
CloseHandle
HeapFree
GetProcessHeap
SearchPathA

advapi32

RegQueryValueExA
RegEnumKeyA
RegEnumValueA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

OleBuildVersion
CreateDataAdviseHolder
CoQueryClientBlanket
CoLockObjectExternal

shell32

SHGetFileInfoA
SHGetSpecialFolderLocation
ShellExecuteA
SHFileOperationA
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zytp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 131KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b98dae965683df98cf6fe17d694a1f0f

Headers

File Characteristics

Imports

kernel32

advapi32

version

ole32

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 5KB - Virtual size: 121KB

.zytp Size: 3KB - Virtual size: 3KB

.edata Size: 131KB - Virtual size: 263KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 5KB - Virtual size: 121KB

.zytp
Size: 3KB - Virtual size: 3KB

.edata
Size: 131KB - Virtual size: 263KB