f83d9d933f94ff4be35ce2b9fc896c8f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f83d9d933f94ff4be35ce2b9fc896c8f_JaffaCakes118
Size

282KB
MD5

f83d9d933f94ff4be35ce2b9fc896c8f
SHA1

dd0305a07128e247d8313bf4b6977a5f1d81cb40
SHA256

e05cadc90ab58fd90e153bcca59f4e555791c6be53a5fd89b010091b8f19ed3f
SHA512

20b43d51f23e65760d5db5d5677f5d1b034d1535fd59ce0c10e30e9d5194091767b7a1e3c9105f175cdde7b91e016bf0fc3d2254f42ff252456fcbeacee7db1b
SSDEEP

6144:IX+iBQNAGHMmlVSfFGThrUjdQZHHPpnISEf4Cujldc+:IX+qZGsmlVSFGTxMdQZHHP1ISEAfd1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f83d9d933f94ff4be35ce2b9fc896c8f_JaffaCakes118

Files

f83d9d933f94ff4be35ce2b9fc896c8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a88c1a7cd3a7783d1d291ea48d66fbea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress
LoadLibraryA

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

query

CIState
DllGetClassObject
FsCiShutdown
CIRestrictionToFullTree
CITextToFullTreeEx

mscat32

CryptCATEnumerateAttr
CryptCATEnumerateMember
CatalogCompactHashDatabase
CryptCATVerifyMember
CryptCATPersistStore

Sections

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 98KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 120KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 5KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a88c1a7cd3a7783d1d291ea48d66fbea

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

query

mscat32

Sections

.edata Size: 7KB - Virtual size: 6KB

.edata Size: 5KB - Virtual size: 387KB

.edata Size: 2KB - Virtual size: 36KB

.text Size: 14KB - Virtual size: 16KB

.edata Size: 3KB - Virtual size: 116KB

.rdata Size: 2KB - Virtual size: 19KB

.edata Size: 98KB - Virtual size: 125KB

.data Size: 6KB - Virtual size: 12KB

.edata Size: 120KB - Virtual size: 126KB

.edata Size: 5KB - Virtual size: 404KB

.rsrc Size: 17KB - Virtual size: 17KB

.edata
Size: 7KB - Virtual size: 6KB

.edata
Size: 5KB - Virtual size: 387KB

.edata
Size: 2KB - Virtual size: 36KB

.text
Size: 14KB - Virtual size: 16KB

.edata
Size: 3KB - Virtual size: 116KB

.rdata
Size: 2KB - Virtual size: 19KB

.edata
Size: 98KB - Virtual size: 125KB

.data
Size: 6KB - Virtual size: 12KB

.edata
Size: 120KB - Virtual size: 126KB

.edata
Size: 5KB - Virtual size: 404KB

.rsrc
Size: 17KB - Virtual size: 17KB