f64f4aed9f6ae88612e58716a12255c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f64f4aed9f6ae88612e58716a12255c6_JaffaCakes118
Size

141KB
MD5

f64f4aed9f6ae88612e58716a12255c6
SHA1

a844031b264a9e3fc1be897f7cd897a0e9c2e8bc
SHA256

db81a149a84ea0c0466db0ca5c3169c53ad94e8bcc45ca48e5ca92431028b8b1
SHA512

ad817d8243b24c1c4f90088c361c7c5cb57a71fac5e9c5a7390d651b42bfa9dc143b81de88707b89a6f93e349183dee96420aa94e968d8a4378dd89032d39161
SSDEEP

3072:vUJtFdKJwB3iAJLfxwKO38HAUYVBMqQ7M8KV+lejK0Xd2:cZqwBrJPOsHAUYVB3mS+lej5Xd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f64f4aed9f6ae88612e58716a12255c6_JaffaCakes118

Files

f64f4aed9f6ae88612e58716a12255c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3437dea7e872fd8a9c61376167e4b9a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
GetExitCodeProcess
ExitProcess
SetFileTime
TlsAlloc
SetConsoleMode
VirtualFree
SetFilePointer
GetSystemWindowsDirectoryW
LeaveCriticalSection
CreateMutexA
OutputDebugStringA
WritePrivateProfileStructA
LoadLibraryW
TlsGetValue
FormatMessageA
GetNumberFormatW
VirtualProtect
GetModuleHandleA
SetCurrentDirectoryA
WritePrivateProfileStructW
ResetEvent
ReadFile
SetCurrentDirectoryW
GetStringTypeA
GetProcAddress
LockResource
VirtualAlloc

msvcrt

__winitenv
__set_app_type
memcpy
labs

user32

IsWindow
LoadCursorW
DrawEdge
CopyRect
CreateWindowExA
CallWindowProcW
GetClipboardData
GetForegroundWindow
wsprintfA
DispatchMessageW

gdi32

SetStretchBltMode
BitBlt
SetTextColor
GetRegionData
CreateSolidBrush
SelectPalette
DeleteDC
DeleteObject
GetTextExtentPoint32W
GetStockObject
CreateRoundRectRgn
SetBkMode
CreateCompatibleBitmap
GetTextMetricsW
ExtTextOutW
CreateBitmap
LineTo
StretchBlt
TextOutW

tapi32

lineAgentSpecific
lineMakeCallW
tapiGetLocationInfoW
lineGetCallInfoA
lineGetAddressCaps

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3437dea7e872fd8a9c61376167e4b9a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 51KB - Virtual size: 50KB

.CRT Size: 38KB - Virtual size: 38KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 51KB - Virtual size: 50KB

.CRT
Size: 38KB - Virtual size: 38KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 136B