5763e466d6ab31e9c25de489b60740e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5763e466d6ab31e9c25de489b60740e2_JaffaCakes118
Size

275KB
MD5

5763e466d6ab31e9c25de489b60740e2
SHA1

c0150f3ade70b10edcb3e68157f8251322526e78
SHA256

eaf36ad0e1febb62ad7f4314728f7efc88fa67c31f6bd9c396bbee0693643fa3
SHA512

ba8ca2c317162b64a3e68063eea6a8b6f1d4779d65b842bc26ea4a9122ba9b5ee747c4fb0950c7ce9eecbf57438619d8b70232692842130dd990495939938f57
SSDEEP

6144:90S+/3KAmQohGDT/wj0mr/H8lBapYZ4r7:9ZK3bmQmGD8rPOBarr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5763e466d6ab31e9c25de489b60740e2_JaffaCakes118

Files

5763e466d6ab31e9c25de489b60740e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d91b73fd1a443cf82b8f9a8d591214a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle

advapi32

GetTokenInformation
RegQueryValueExW
EnableTrace
OpenProcessToken
RegOpenKeyExW
RegCloseKey
RegSetValueExW
EnumerateTraceGuids
RegCreateKeyExW
RegDeleteValueW
ControlTraceW
LookupAccountSidW
RegOpenKeyW
StartTraceW

secur32

GetComputerObjectNameW

wintrust

WinVerifyTrust

userenv

ExpandEnvironmentStringsForUserW

urlmon

URLDownloadToFileW

shlwapi

PathFindFileNameW
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
SHDeleteKeyW

user32

GetSystemMetrics
MsgWaitForMultipleObjects
GetMessageW
PeekMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW
UpdateWindow

shell32

SHCreateDirectoryExW

kernel32

TlsFree
LCMapStringW
HeapDestroy
GetUserDefaultLCID
GetCurrentDirectoryW
SetWaitableTimer
LoadResource
WriteConsoleW
GetTempPathW
GetFileSizeEx
Process32FirstW
GetTempFileNameW
LockResource
LocalAlloc
Process32NextW
lstrcmpA
GetThreadLocale
TlsGetValue
GetCommandLineW
TlsSetValue
RemoveDirectoryW
MoveFileExW
HeapSize
SetHandleCount
RtlUnwind
CloseHandle
CreateWaitableTimerW
SetUnhandledExceptionFilter
CreateDirectoryW
GetACP
IsProcessorFeaturePresent
EnumSystemLocalesA
SetLastError
LeaveCriticalSection
GetModuleHandleW
CreateThread
SetFilePointer
DeleteCriticalSection
GetCurrentThreadId
FlushFileBuffers
WideCharToMultiByte
MapViewOfFile
CreateToolhelp32Snapshot
SizeofResource
FreeLibrary
IsValidLocale
GetOEMCP
GetFileAttributesExW
OpenProcess
WaitForSingleObject
GlobalFree
FindResourceW
WriteFile
ReadFile
IsDebuggerPresent
ExpandEnvironmentStringsW
GetProcessHeap
FormatMessageW
GetSystemInfo
CreateFileMappingW
CreateEventW
RaiseException
GetSystemTimeAsFileTime
FindResourceExW
HeapAlloc
GetFileSize
GetStdHandle
LocalFree
CancelWaitableTimer
FreeEnvironmentStringsW
HeapFree
TlsAlloc
GetSystemDirectoryW
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetConsoleCP
EnterCriticalSection
GetCommandLineA
IsValidCodePage
GetFileType
DeleteFileW
UnhandledExceptionFilter
SetStdHandle
CreateFileW
GetConsoleMode
VirtualAllocEx

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

crypt32

CertFreeCertificateContext
CertGetCertificateChain
CryptMsgGetAndVerifySigner
CryptHashPublicKeyInfo
CryptMsgGetParam
CertVerifyCertificateChainPolicy
CryptDecodeObject
CertCloseStore
CryptQueryObject
CertFreeCertificateChain
CryptMsgClose

comctl32

CreateStatusWindow
ImageList_BeginDrag
CreatePropertySheetPage
DrawStatusText
ImageList_ReplaceIcon
FlatSB_EnableScrollBar
ImageList_AddIcon
ImageList_GetImageRect

faultrep

AddERExcludedApplicationW
ReportFault

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 38KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 175KB - Virtual size: 789KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 864KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d91b73fd1a443cf82b8f9a8d591214a

Headers

File Characteristics

Imports

wininet

advapi32

secur32

wintrust

userenv

urlmon

shlwapi

user32

shell32

kernel32

ole32

crypt32

comctl32

faultrep

Sections

.text Size: 18KB - Virtual size: 18KB

.bss Size: 38KB - Virtual size: 1.0MB

.reloc Size: 175KB - Virtual size: 789KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 34KB - Virtual size: 864KB

.rsrc Size: 3KB - Virtual size: 17KB

.text
Size: 18KB - Virtual size: 18KB

.bss
Size: 38KB - Virtual size: 1.0MB

.reloc
Size: 175KB - Virtual size: 789KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 864KB

.rsrc
Size: 3KB - Virtual size: 17KB