JaffaCakes118_6ae4a2ceb9f9f1ed673bfec8dd83b395

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_6ae4a2ceb9f9f1ed673bfec8dd83b395
Size

191KB
MD5

6ae4a2ceb9f9f1ed673bfec8dd83b395
SHA1

c19c873e6e8c47ec55f528cd07c25e451276c79a
SHA256

0c3dbf68572d567efb371ddcae62f7d46d61b521229f25e5a4ab7d0fe8d2f05f
SHA512

a9fdeeaf451318e2285ef651d3330e3d65694813d1f77dcc6c32f72e794838c9ad2168b2a86d5a65c0bc28dbbcb8500e0653c7a83bd646d6d5be40bed1d0d723
SSDEEP

3072:OknNn5Ur+pyqj1LWr289k2ipEADxj8t5UK8CAxVOOA4JIA/QdEfFvLeb:TnN5ZHorLH7ADxj8t5eCAxVOOyA/EEte

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6ae4a2ceb9f9f1ed673bfec8dd83b395

Files

JaffaCakes118_6ae4a2ceb9f9f1ed673bfec8dd83b395
.exe windows:4 windows x86 arch:x86

aef0f70620d10c13ba4b8890ff432f7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
DecryptFileW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
EncryptFileW
RegCloseKey

kernel32

FindFirstFileW
GetCalendarInfoW
GetCurrentDirectoryW
LoadLibraryW
CreateDirectoryW
GetLastError
SearchPathW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LocalAlloc
GetTickCount
SetEnvironmentVariableW
FindNextFileW
GetModuleHandleA
Sleep
MultiByteToWideChar
OutputDebugStringA
GetProcessId
GetProcAddress
UnmapViewOfFile
VirtualProtect
EnterCriticalSection
FreeLibrary
VirtualQuery
SetLastError
OpenProcess
GetLogicalDriveStringsW
InterlockedExchange
QueryDosDeviceW
ReleaseMutex
GetCurrentProcess
EnumResourceNamesA
QueryPerformanceCounter
GetFileInformationByHandle
IsWow64Process
ExitProcess
OutputDebugStringW
GetFileAttributesW
GetFileSizeEx
GetCurrentThreadId
SetUnhandledExceptionFilter
InitializeCriticalSection
SetFileAttributesW
InterlockedCompareExchange
GetModuleHandleW
WaitForSingleObject
LocalFree
lstrcmpiW
lstrlenW
CreateFileMappingW
GetModuleFileNameW
DuplicateHandle
FindClose
WideCharToMultiByte
MapViewOfFile
EncodePointer
CreateMutexW

ole32

CoGetDefaultContext
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoTaskMemFree

gdiplus

GdipGetImageWidth
GdipDisposeImage

shlwapi

PathGetArgsW
PathSkipRootW
PathIsUNCW
StrDupW
SHRegGetValueW
PathFindFileNameW

user32

GetWindowThreadProcessId
GetGUIThreadInfo
GetPropW
AllowSetForegroundWindow
GetClassNameW
GetForegroundWindow

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aef0f70620d10c13ba4b8890ff432f7f

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

gdiplus

shlwapi

user32

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 77KB - Virtual size: 77KB

.edata Size: 1024B - Virtual size: 112KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 77KB - Virtual size: 77KB

.edata
Size: 1024B - Virtual size: 112KB