Static task: static1
Behavioral task: behavioral1
Sample: a5f0bcf4114ef370d089fecc323b6508_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: a5f0bcf4114ef370d089fecc323b6508_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: a5f0bcf4114ef370d089fecc323b6508_JaffaCakes118
Size: 309KB
MD5: a5f0bcf4114ef370d089fecc323b6508
SHA1: 3c46db20a08fb76d44783262d32347992d74f4ab
SHA256: 809ff8ff232af08bff4926d3de1735f371f3041cd750f38617db0ee295f59962
SHA512: f6cc00b1944d4f8b2299815c3ffa7b401b33eb70f64375ae2404b7410c20722b1d4a5f09f0c35f224159719e6098f4d8aea960097302d7d12da568dae45bc37c
SSDEEP: 6144:fEoTDHxAcidjh1ghyVkdQRWh7wg+FQRXlqxnwkaEL8XZkaYx3KAdd2L:fEoXHxAcAj8hyVkdQ8l4QqJzL8XZkaAc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a5f0bcf4114ef370d089fecc323b6508_JaffaCakes118
Files
a5f0bcf4114ef370d089fecc323b6508_JaffaCakes118.exe windows:4 windows x86 arch:x86
d5a81c0732010655d4e86695e2942b17
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalAlloc
TlsSetValue
GetSystemInfo
OpenFileMappingA
FreeLibrary
GetOEMCP
WaitForSingleObject
IsValidLocale
SetEndOfFile
LeaveCriticalSection
TlsFree
RaiseException
HeapAlloc
OpenSemaphoreA
EnterCriticalSection
GetModuleHandleA
ReadFile
OpenEventA
WideCharToMultiByte
TlsGetValue
VirtualAlloc
IsBadCodePtr
LoadLibraryExA
HeapDestroy
VirtualProtect
CreateFileA
GetFileSize
WriteFile
LCMapStringA
CreateSemaphoreA
ResetEvent
GetACP
GetUserDefaultLCID
CreateEventA
UnhandledExceptionFilter
LocalFree
lstrlenA
FreeEnvironmentStringsA
HeapSize
TlsAlloc
HeapFree
DeleteCriticalSection
SetFilePointer
SetLastError
SetStdHandle
OutputDebugStringA
LCMapStringW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetLocalTime
GetFileType
VirtualQuery
FreeEnvironmentStringsW
UnmapViewOfFile
CloseHandle
EnumSystemLocalesA
GetStdHandle
FileTimeToSystemTime
HeapReAlloc
IsValidCodePage
GetCommandLineA
GetCurrentThreadId
MapViewOfFile
SetHandleCount
FlushFileBuffers
WaitForMultipleObjects
GetThreadLocale
RtlUnwind
CreateFileMappingA
VirtualFree
lstrlenW
ReleaseSemaphore
CreateMutexW
VirtualAllocEx
advapi32
SetSecurityDescriptorDacl
CryptGetProvParam
GetSidIdentifierAuthority
CryptDeriveKey
FreeSid
CryptGetHashParam
RegQueryInfoKeyA
RegOpenKeyExA
CryptDestroyHash
CryptHashData
GetSidSubAuthority
OpenProcessToken
RegEnumKeyExA
InitializeSecurityDescriptor
CryptDestroyKey
EqualSid
CryptDecrypt
RegCloseKey
CryptEncrypt
RegSetValueExA
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthorityCount
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
IsValidSid
CryptCreateHash
user32
wsprintfA
CharUpperBuffA
oleaut32
VariantClear
SysStringByteLen
SysAllocStringByteLen
VariantInit
VarBstrCmp
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
ole32
CoCreateInstance
CoUninitialize
CoInitialize
resutils
ResUtilCreateDirectoryTree
ResUtilEnumResources
ResUtilFindSzProperty
ResUtilGetMultiSzProperty
ResUtilEnumPrivateProperties
ResUtilGetPropertySize
ResUtilGetBinaryProperty
ResUtilResourceTypesEqual
kbdhela2
KbdLayerDescriptor
Sections
.text Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 285KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ