f8b81fde623d4f4004052c3c87178169_JaffaCakes118

General

Target

f8b81fde623d4f4004052c3c87178169_JaffaCakes118
Size

456KB
MD5

f8b81fde623d4f4004052c3c87178169
SHA1

0289a82bae4737ba39f37c76931783a840ac5554
SHA256

d45de34e9b48ee9075b632abe2d277838acdd69394b215831b2ef2c395055f79
SHA512

72bf4b76367d09b3bd414c88f23723af069f1f6e72c9b4b0d51bf5ea6d73fe4879bf6881310cfc075803b03161713545db965add13246edefea87324ee23d942
SSDEEP

12288:Y00SlEs5pGAID/YRO/s4S8yB81gmsQYNResu:Y0TcN/O4SxyglQYNoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8b81fde623d4f4004052c3c87178169_JaffaCakes118

Files

f8b81fde623d4f4004052c3c87178169_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fddc01a2857d6079ae415059d077ec14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNA

kernel32

TerminateProcess
HeapAlloc
CreateDirectoryW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetOverlappedResult
PeekNamedPipe
FindNextChangeNotification
ResetEvent
FindFirstChangeNotificationW
LCMapStringW
LocalAlloc
LocalFree
lstrlenA
GetSystemDirectoryA
lstrcatA
FindCloseChangeNotification
GetVersionExA
GetAtomNameW
LoadLibraryA
CreateEventA

user32

GetKeyState
CreatePopupMenu
GetMessageA
DestroyMenu
RegisterClassW
DispatchMessageA
GetSystemMetrics
PostMessageA
PostQuitMessage
TranslateMessage
GetCursorPos
InsertMenuW
TrackPopupMenu

gdi32

DeleteDC
RestoreDC
DeleteObject
GetTextFaceA
SelectObject
CreateFontA
GetDeviceCaps
SetMapMode
SaveDC
CreateFontIndirectW
GetFontData
GetTextExtentPoint32W
SetTextAlign
GetTextMetricsA
GetObjectA
ExtTextOutW
SetBkMode
SetTextColor
GetTextFaceW
GetOutlineTextMetricsA
CreateDCA
CreateSolidBrush
TranslateCharsetInfo
CreateFontIndirectA

msimg32

TransparentBlt

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fddc01a2857d6079ae415059d077ec14

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

msimg32

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 144KB - Virtual size: 546KB

.rsrc Size: 5KB - Virtual size: 8KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 144KB - Virtual size: 546KB

.rsrc
Size: 5KB - Virtual size: 8KB