c848dc1cb164829d89c5360b58247d83_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c848dc1cb164829d89c5360b58247d83_JaffaCakes118
Size

208KB
MD5

c848dc1cb164829d89c5360b58247d83
SHA1

3d2eaeb1984048e1fccbf7746256845dff0fef6c
SHA256

69983d88f5532d380cb8df45f87c4a5b40d88cd830705e0533413b2ab34d98e4
SHA512

816bd532fdb93cc65d23946b81b4cfffacdc0baa821f5f8454353457e5a9697cbdbf917bf8de3a83cca8bde0d7ce8764380fe1732dbf286fadf8fbf5a5aa377c
SSDEEP

3072:TBQAhE6nENUpw7mf1wbHBtlN+SJHdITasSaQrASLasjaPV7o2yJw5/uRLuJu2TCV:TBbhs+1AHblVRmXerVJWFyJpKJ7PBT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c848dc1cb164829d89c5360b58247d83_JaffaCakes118

Files

c848dc1cb164829d89c5360b58247d83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22565a9e7904d0ec49beb28e33624671

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptHashData
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptReleaseContext
CryptDestroyHash

msvfw32

ICInfo

psapi

GetProcessMemoryInfo

imagehlp

ImageGetDigestStream
ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

kernel32

GetSystemDirectoryA
_llseek
ExitProcess
IsDebuggerPresent
WriteFile
TerminateProcess
GetSystemTimeAsFileTime
EnumResourceNamesW
lstrcmpiA
GetLocaleInfoA
CreateFiberEx
CopyFileA
FormatMessageW
FindFirstFileA
EnumResourceLanguagesW
MoveFileW
FindResourceW
InterlockedDecrement
LoadLibraryExW
EnterCriticalSection
GetCurrentProcess
UpdateResourceW
DeleteFileW
DeleteCriticalSection
GetVersionExW
LocalFree
InitializeCriticalSection
MultiByteToWideChar
EscapeCommFunction
FindFirstFileW
EnumResourceTypesW
GetACP
InterlockedIncrement
CloseHandle
lstrlenA
WideCharToMultiByte
BeginUpdateResourceW
RaiseException
_lread
_lwrite
HeapAlloc
GetTempPathW
CreateDirectoryA
GetFileSize
GetStringTypeExW
OutputDebugStringA
GetFileInformationByHandle
SizeofResource
LoadLibraryA
GetModuleHandleW
LeaveCriticalSection
GetFileAttributesA
Sleep
CreateFileA
FindClose
ReadFile
QueryPerformanceCounter
GetTickCount
InterlockedCompareExchange
HeapFree
GetFileAttributesW
SetFilePointer
GetFullPathNameW
SetLastError
SetFileAttributesW
EnumResourceNamesA
LoadLibraryExA
LockResource
GetTempFileNameW
GetProcAddress
lstrlenW
FindResourceExW
GlobalLock
GetFullPathNameA
SetEndOfFile
LoadResource
GetCommandLineW
EndUpdateResourceW
GetCurrentThreadId
FindNextFileW
CreateFileW
SetFileAttributesA
GetVersion
UnhandledExceptionFilter
MapViewOfFile
GetThreadLocale
HeapSize
FreeResource
CopyFileW
RemoveDirectoryA
FatalExit
CreateFileMappingA
GetVersionExA
GlobalAlloc
GetCurrentDirectoryW
AreFileApisANSI
_lclose
GetOEMCP
SetUnhandledExceptionFilter
GetLastError
CreateDirectoryW
InterlockedExchange
DebugBreak
FindNextFileA
HeapDestroy
UnmapViewOfFile
FreeLibrary
GetEnvironmentVariableA
HeapReAlloc
DeleteFileA
RemoveDirectoryW
GlobalFree
GetProcessHeap
GlobalUnlock
GetCurrentProcessId
lstrcpyA

user32

CharNextA
MonitorFromWindow
wsprintfW
CharNextW

shell32

CommandLineToArgvW

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22565a9e7904d0ec49beb28e33624671

Headers

File Characteristics

Imports

advapi32

msvfw32

psapi

imagehlp

kernel32

user32

shell32

Sections

.text Size: 182KB - Virtual size: 182KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 19KB

.lib Size: 512B - Virtual size: 96KB

.text
Size: 182KB - Virtual size: 182KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 19KB

.lib
Size: 512B - Virtual size: 96KB