f5c36f0891a6317732aac5f91f6fc5b3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f5c36f0891a6317732aac5f91f6fc5b3_JaffaCakes118
Size

183KB
MD5

f5c36f0891a6317732aac5f91f6fc5b3
SHA1

b0e5444d865c0cc3c8d582f5c3ceb830115d9718
SHA256

ce660a97d153a446018a997dcc8ccb2b69a12d2d65f47315ad3ca489402fb0da
SHA512

27fa64479ba5079cd54525d765ae0feaf215e8be35dc8ed07a7cef320e2e8d0944e22dbaa010ee3fafb5d53538bed7209bc7a5a9b6732c427ddb7e5fe7ed9a08
SSDEEP

3072:2SABN3qhIHfCqww/XWChNNawTG5gcOB/YkLNLRL9yBT7eMaqnW/AwhM5i:2SAL3qOTj/GoLamxtpRL2WGnWY9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5c36f0891a6317732aac5f91f6fc5b3_JaffaCakes118

Files

f5c36f0891a6317732aac5f91f6fc5b3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dced1c166535915d2b2465c85210717

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
InterlockedExchange
GetCalendarInfoW
lstrlenA
InterlockedCompareExchange
GetLastError
GetCurrentThreadId
LockResource
GetProcessHeap
GetSystemTime
QueryPerformanceCounter
GetUserDefaultUILanguage
IsDebuggerPresent
GetThreadLocale
OutputDebugStringW
GetLocaleInfoA
GetModuleHandleA
HeapFree
SizeofResource
UnhandledExceptionFilter
GetModuleFileNameW
Sleep
GetModuleFileNameA
LoadResource
HeapSize
GetCurrentProcess
VirtualFree
FindResourceExA
lstrcpynW
EnumResourceNamesA
HeapDestroy
CreateProcessA
RaiseException
GetFileAttributesA
TerminateProcess
GetTickCount
GetStdHandle
GetFileAttributesW
HeapReAlloc
MoveFileW
LoadLibraryExW
GetStartupInfoA
MultiByteToWideChar
GetVersionExA
CloseHandle
SetUnhandledExceptionFilter
HeapAlloc
FindResourceA
CreateDirectoryW
LocalAlloc
FreeEnvironmentStringsA
WideCharToMultiByte
VirtualAlloc
SystemTimeToFileTime
ReleaseMutex
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetCurrentProcessId
CreateFileW
lstrcmpiA
UnmapViewOfFile
GetEnvironmentVariableA
WriteFile
GetACP
SetEvent

user32

CharNextA
GetSystemMetrics
UnregisterClassA
MessageBoxW
DestroyWindow
LoadStringW
LoadImageA
LoadIconA
CharNextW

mprapi

MprConfigServerDisconnect
MprConfigServerConnect
MprConfigGetFriendlyName

shlwapi

PathAddBackslashW

ole32

CoGetMalloc
StringFromGUID2
IIDFromString
CoTaskMemRealloc
OleInitialize
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
StringFromCLSID
OleUninitialize

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dced1c166535915d2b2465c85210717

Headers

File Characteristics

Imports

kernel32

user32

mprapi

shlwapi

ole32

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 77KB - Virtual size: 77KB

.rsrc Size: 1024B - Virtual size: 120KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 1024B - Virtual size: 120KB