f934a478f149b8f1e5325e42137c0beb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f934a478f149b8f1e5325e42137c0beb_JaffaCakes118
Size

110KB
MD5

f934a478f149b8f1e5325e42137c0beb
SHA1

bbe7c896bc8ff3c87d22ff3039348b20c7f03901
SHA256

eb10825f32bbdf97da92f37a4f51df1ad9ca0ea21a78cb1ab928dce249ccf1b2
SHA512

626229c8a9eba7b10525c7e6d01e1ecf56bfcb13ef00428c187c5ed27a1be80089910394f136ebeacf5f6089b2b3ebce7d84fe0ceea19c7d07ab15d663262112
SSDEEP

3072:zKooC4NZ2cGx8NiuujxedvaKC6C6EjtmNCYYYQ:zKvr2txNFjxe1aPxgYY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f934a478f149b8f1e5325e42137c0beb_JaffaCakes118

Files

f934a478f149b8f1e5325e42137c0beb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1b8bf4412f1363660330ba926f17730a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
GetEffectiveClientRect
CreateMappedBitmap
ImageList_GetImageInfo
MenuHelp
CreateToolbar
DSA_GetItemPtr
ImageList_LoadImageA
ImageList_Remove

kernel32

Sleep
CreateProcessW
CreateFileA
GetCurrentProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
FindResourceExA
GetTickCount
LoadLibraryA
MultiByteToWideChar
GetCurrentProcessId
VirtualAlloc
CloseHandle
ExitProcess
SetLastError
TerminateProcess
WideCharToMultiByte
LocalFree
SetUnhandledExceptionFilter
FindResourceExW
GetLastError
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
GetCurrentThreadId
FreeLibrary
CommConfigDialogA
UnhandledExceptionFilter
InterlockedIncrement
DeleteCriticalSection
FindResourceW
QueryPerformanceCounter

advapi32

LookupAccountNameW
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExW
RegQueryValueExA
RegDeleteKeyW
AddAccessAllowedAce
RegQueryValueExW
AccessCheckByTypeAndAuditAlarmA
RegSetValueExW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
RegCreateKeyExA
RegOpenKeyExW

user32

UpdateWindow
AnimateWindow
ScreenToClient
GetClientRect
GetSystemMetrics
ArrangeIconicWindows
EndDialog
EnableWindow
ShowWindow
BeginPaint
ReleaseDC
GetDlgItem
GetWindowRect
LoadStringW
MessageBoxA
TranslateMessage
GetDC

ole32

CoDisableCallCancellation
CoFreeAllLibraries
BindMoniker
CLIPFORMAT_UserFree
CLSIDFromProgIDEx
CoCreateInstance
PropVariantChangeType
CLIPFORMAT_UserMarshal
CLIPFORMAT_UserSize
CLSIDFromOle1Class
CLIPFORMAT_UserUnmarshal
CLSIDFromProgID

Sections

.textbss
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b8bf4412f1363660330ba926f17730a

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

kernel32

advapi32

user32

ole32

Sections

.textbss Size: - Virtual size: 120KB

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 94KB - Virtual size: 94KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.textbss
Size: - Virtual size: 120KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 94KB - Virtual size: 94KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB