JaffaCakes118_763b798d04ab50a6425b078033c811cd

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_763b798d04ab50a6425b078033c811cd
Size

288KB
MD5

763b798d04ab50a6425b078033c811cd
SHA1

3e368a0d5c520773d77cfa292b0ecf8dcad6a84d
SHA256

2e4bc88b1a0770744649b0cdb16a9afc40bc0fc20a9c17ff09b12d617316fbc0
SHA512

4562ae9a424916221e3b88162ae7cc9d6dd0eabd9cf7e2d2032a508593e5027b79b4dbd94df95091faf70f87b32acce56a916a11957d5ab54f07919d8e11d5fd
SSDEEP

6144:tlr6yDU7fqP/f0LETIOfrlYc5gTTArVR32GOuMMTrzuWeR7PP7EEPMW:JDqyXcLdWrll5gTT82ITrzpoPjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_763b798d04ab50a6425b078033c811cd

Files

JaffaCakes118_763b798d04ab50a6425b078033c811cd
.exe windows:4 windows x86 arch:x86

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventW
OpenProcessToken
CopySid
GetTokenInformation
GetLengthSid
RegisterEventSourceW
DeregisterEventSource
IsValidSid
EqualSid
OpenThreadToken

kernel32

HeapDestroy
UnhandledExceptionFilter
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapAlloc
SetUnhandledExceptionFilter
FormatMessageW
DeleteCriticalSection
RaiseException
EnterCriticalSection
GetProcessHeap
CloseHandle
HeapSize
LeaveCriticalSection
lstrlenW
lstrlenA
IsDebuggerPresent
SetThreadLocale
GetACP
HeapFree
HeapReAlloc
GetCurrentDirectoryA
VirtualAllocEx

oleaut32

VariantChangeType
VariantCopyInd
SystemTimeToVariantTime
SafeArrayGetUBound
SafeArrayRedim
VariantCopy
LoadRegTypeLi
SafeArrayGetLBound
VariantInit
SafeArrayUnlock
SafeArrayCopy
SysStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SysStringByteLen
SysFreeString
LoadTypeLi
VariantClear
SysAllocString
SafeArrayLock
SafeArrayGetVartype
SafeArrayCreate
SysAllocStringByteLen
GetErrorInfo

ole32

CLSIDFromProgID
CoRevertToSelf
CoCreateInstance
CoImpersonateClient

shell32

SHGetFolderPathW

userenv

UnloadUserProfile
GetProfileType
CreateEnvironmentBlock
LoadUserProfileA
GetProfilesDirectoryW
GetGPOListW
GetAppliedGPOListW

user32

UnregisterClassA

shlwapi

PathAppendW

catsrvps

DllUnregisterServer
GetProxyDllInfo
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

967f723b472b772a2acdb23b566da365

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

ole32

shell32

userenv

user32

shlwapi

catsrvps

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 258KB - Virtual size: 261KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 258KB - Virtual size: 261KB

.rsrc
Size: 11KB - Virtual size: 11KB