f0c341858e8863e3645e379e22b733f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0c341858e8863e3645e379e22b733f7_JaffaCakes118
Size

260KB
MD5

f0c341858e8863e3645e379e22b733f7
SHA1

717546219368a178fc14fcc99a70a5af8ed336e1
SHA256

c1ad203f26ab0ed705b7db8aab87c9ff1b2a4cd7fab4f8c1444e3d6b3c77801d
SHA512

5e790482a12538cd78fd963b75c04194e760776c7dbb4b3d7c0cf822d926a024d69bdbfa921e41feed3a48c9c27b942333fd6027f705170c165263986940a62e
SSDEEP

6144:8EchLSFUZxPc2IBGMnAyyFj7l59/ni0uyUIj:8EchLnZFT0AyWaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0c341858e8863e3645e379e22b733f7_JaffaCakes118

Files

f0c341858e8863e3645e379e22b733f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

59a948a2c74e1818d462e8502e192d76

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
WaitForSingleObject
Sleep
TerminateThread
GetExitCodeThread
CreateThread
OpenProcess
ExitProcess
GetLastError
LoadLibraryA
MulDiv
GetCurrentThreadId
lstrlenA
CloseHandle
FreeResource
GetProcAddress
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
CreateFileA
WriteFile
CopyFileA
GetCommandLineA
ExitThread
SizeofResource
GetCurrentProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
GetModuleFileNameA
SetLastError
TlsGetValue
TlsSetValue
SetStdHandle
TlsAlloc
GetStdHandle
SetHandleCount
GetFileType
VirtualAlloc
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
HeapDestroy
VirtualFree
GetVersion
GetStartupInfoA
ReadFile
HeapSize
HeapReAlloc
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
LeaveCriticalSection
MultiByteToWideChar
GetLocalTime
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RtlUnwind
HeapFree
GetTimeZoneInformation
HeapAlloc
EnterCriticalSection

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

gdi32

CreateFontA
SetBkMode
SelectObject
CreateSolidBrush
GetStockObject
GetDeviceCaps

shell32

ShellExecuteA

user32

SetDlgItemTextA
GetClassNameA
MessageBoxA
SendMessageA
EndDialog
SendDlgItemMessageA
GetDC
GetDlgItem
ReleaseDC
InvalidateRect
FindWindowA
DialogBoxParamA
EnumWindows
PostMessageA
GetWindowThreadProcessId
TranslateMessage
GetMessageA
RegisterClassA
DispatchMessageA
LoadCursorA
CreateWindowExA
wsprintfA
SystemParametersInfoA
GetDlgItemTextA
DestroyWindow
PostThreadMessageA
ShowWindow
SetTimer
SetWindowTextA
GetClientRect
DefWindowProcA
BeginPaint
EndPaint
FillRect
DrawTextA
GetWindowTextA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

bind
listen
accept
WSACleanup
send
WSAStartup
gethostbyname
setsockopt
connect
recv
shutdown
socket
htons
ioctlsocket
closesocket
sendto

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a948a2c74e1818d462e8502e192d76

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shell32

user32

version

wsock32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 40KB - Virtual size: 232KB

.rsrc Size: 112KB - Virtual size: 110KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 40KB - Virtual size: 232KB

.rsrc
Size: 112KB - Virtual size: 110KB