fb03466a83f1ecdc26ad778731ef103a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fb03466a83f1ecdc26ad778731ef103a_JaffaCakes118
Size

956KB
MD5

fb03466a83f1ecdc26ad778731ef103a
SHA1

0bb6dc65c61f71525fcda892ee4feea9a19ab382
SHA256

cfe956460e0ac243e76faf1f12295ce3514ea4a19929a2e0524511e5c1bfe0ef
SHA512

848cc103d7f99468611f5b8d3e12caca1c3aeeae6c038780a55bd8480cc45cdb385c4764bbc5c08c31559f40a89cf37f57a1da24e4e8fe6487e8918e3f9d35c9
SSDEEP

24576:8yOygNiTJ6u/yinBOqK0AwLdpIxXvrRPBFf9T/7sQ:80gg8u/BUBYghzRjFs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb03466a83f1ecdc26ad778731ef103a_JaffaCakes118

Files

fb03466a83f1ecdc26ad778731ef103a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

28cf64ac05c3d7dd5b8ca8f820aafc5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey

msvcrt

__setusermatherr
_amsg_exit
__wgetmainargs
memset
_controlfp
_vsnwprintf
_wcsicmp
_XcptFilter
_exit
__set_app_type
?terminate@@YAXXZ
exit
_initterm
__p__commode
_cexit
__p__fmode

tapi32

lineClose
lineAccept

setupapi

SetupDiEnumDeviceInfo
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList

user32

PostQuitMessage
CallNextHookEx
DestroyMenu
SendDlgItemMessageA
SetWindowContextHelpId
SetWindowsHookExW
SetPropW
GetClassNameW
GetMessagePos
SetMenu
GetDesktopWindow
EqualRect
GetMessageTime
RemovePropW
GetTopWindow
CreateDialogIndirectParamW
WinHelpW
EndDialog
SetForegroundWindow
SetActiveWindow
SetRect
GetForegroundWindow
GetActiveWindow
GetClassInfoW
IsRectEmpty
GetClassInfoExW
ValidateRect
IsChild
GetMessageW
IsWindowVisible
AdjustWindowRectEx
CopyRect
InvalidateRgn
GetPropW
MapWindowPoints
UnregisterClassW
CharNextW
GetClassLongW
GetCapture
CharUpperW
GetSysColorBrush
GetNextDlgTabItem
UpdateWindow
MapDialogRect
RegisterClassW
CopyAcceleratorTableW

kernel32

GetTickCount
SetEvent
CloseHandle
GetModuleHandleA
InterlockedCompareExchange
UnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetLastError
GetCurrentProcess
OpenEventW
TerminateProcess
InterlockedExchange

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 406KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28cf64ac05c3d7dd5b8ca8f820aafc5a

Headers

File Characteristics

Imports

advapi32

msvcrt

tapi32

setupapi

user32

kernel32

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 406KB - Virtual size: 3.7MB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 406KB - Virtual size: 3.7MB

.rsrc
Size: 30KB - Virtual size: 30KB