Static task
static1
Behavioral task
behavioral1
Sample
ed467891404bfff4be7f9d1c482c95a6_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ed467891404bfff4be7f9d1c482c95a6_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target
ed467891404bfff4be7f9d1c482c95a6_JaffaCakes118
Size
168KB
MD5
ed467891404bfff4be7f9d1c482c95a6
SHA1
a16481433494f8975096b94d1e80eb427f4bb828
SHA256
98a21ce8114ba94a098cc16d43b6e1acc0299037b3eee0bb52c40584ae851d75
SHA512
8f1d719ca3c6002648cba7fa537e8a3843156d0e18b6463c3b17b9f9a8ef1d8c34429409950d4ac3b9109d7a12cde4fb896ed0759f24ead29c9bf68cc6a167f7
SSDEEP
3072://Zb2zT9plWJnVRwouPQ2broqM2jordjQ6RDlSfQEjuoY5/k6UxWdW4dlRWRkrV1:HZbykRWPQPqJUrv1lSCT5bo4NWSkFQ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ed467891404bfff4be7f9d1c482c95a6_JaffaCakes118
Files
ed467891404bfff4be7f9d1c482c95a6_JaffaCakes118.exe windows:4 windows x86 arch:x86
843d30db17f526aeb5397b7fb5569b13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetCommandLineW
SetEndOfFile
FindResourceW
SetLastError
GetDriveTypeA
lstrcmpiW
GlobalAlloc
QueryPerformanceCounter
FreeEnvironmentStringsW
GetLocalTime
CreateFileMappingW
SetErrorMode
InterlockedCompareExchange
GetFileType
GetOEMCP
WaitForMultipleObjects
GetConsoleMode
GetFileAttributesW
GetTickCount
LoadLibraryExA
DeleteFileW
HeapDestroy
MapViewOfFile
GetCurrentDirectoryW
ResumeThread
RaiseException
GetThreadLocale
UnhandledExceptionFilter
InterlockedDecrement
GetThreadPriority
GetCurrentThreadId
LocalAlloc
GetLastError
GetProcessHeap
GetFileAttributesA
UnmapViewOfFile
HeapSize
VirtualAlloc
GetCurrentProcess
GetVersion
InitializeCriticalSection
GetModuleHandleW
GetComputerNameW
OpenEventA
GetVersionExW
TlsGetValue
CompareStringA
GetExitCodeThread
VirtualProtect
FindResourceA
ExpandEnvironmentStringsW
GetCurrentThread
GetCurrentProcessId
msvcrt
malloc
??0exception@@QAE@ABV0@@Z
realloc
__p__osver
sprintf
_wtol
__pioinfo
strtok
_finite
_ftol
rand
fprintf
_isatty
_access
__getmainargs
wcsspn
fwrite
__p__fmode
_ltoa
ctime
_stat
_chsize
exit
_lock
_initterm
fclose
_rotr
iswdigit
strncpy
fseek
_commit
srand
user32
FillRect
GetClassNameW
GetSysColor
GetDlgCtrlID
KillTimer
InsertMenuA
TrackPopupMenu
RegisterClipboardFormatW
GetDlgItemTextA
SetFocus
UnregisterClassA
GetSysColorBrush
EnableWindow
CheckRadioButton
GetCursorPos
DialogBoxParamA
ExitWindowsEx
GetWindowRect
IsWindowEnabled
RegisterWindowMessageA
RegisterClassA
GetDC
EnumChildWindows
SetWindowTextA
IsDlgButtonChecked
CharPrevW
PostQuitMessage
GetWindow
DrawTextA
MessageBeep
UpdateWindow
GetFocus
SetWindowLongW
SetMenu
GetWindowTextW
CharUpperA
GetMenu
SetWindowRgn
CharUpperW
LoadStringA
GetClientRect
ShowWindow
MessageBoxW
GetDesktopWindow
CreateWindowExW
GetActiveWindow
LoadCursorW
Sections
.text Size: 147KB - Virtual size: 147KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textbss Size: 512B - Virtual size: 143B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 512B - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: 512B - Virtual size: 409B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ