01bcf30f3e207be3c2ed5a8ed4f38490_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01bcf30f3e207be3c2ed5a8ed4f38490_JaffaCakes118
Size

129KB
MD5

01bcf30f3e207be3c2ed5a8ed4f38490
SHA1

c8c5d072009c38bba3ddf013c27f1cf8c01bc949
SHA256

09e0b0eb410d3dbbd8bcc370061f955fc05ad0efc6e6a4611f34e7b9a37c0160
SHA512

637b7679b967541cd21f951990ab614bfd5700a44b8f6e1de6142f8730fd58f4c327d4ee76afa52ec720bafc2707f558c96c58d26875476071a5119dd0943a98
SSDEEP

1536:pqNRDsDN23iVTjk8u8ZHUbTD0cOm2fmxujoSX0vR/jcZpqbnDWh3++NZ4NHhm:cN6YiVTjkTR2uxujoPSvz++k1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01bcf30f3e207be3c2ed5a8ed4f38490_JaffaCakes118

Files

01bcf30f3e207be3c2ed5a8ed4f38490_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c4c416daccf7ca7fe4481dcece61232

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
InterlockedExchange
CreateProcessA
OpenEventA
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
GetTickCount
CreateMutexA
lstrcmpiA
GetVersionExA
GetCurrentProcess
GetPrivateProfileStringA
SetPriorityClass
GetCommandLineA
lstrlenA
FreeLibrary
GetDiskFreeSpaceA
SetErrorMode
GetCurrentDirectoryA
GetCurrentThreadId
GetCurrentProcessId
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
VirtualQuery
GetPrivateProfileIntA
UnmapViewOfFile
GetVersion
CreateFileMappingA
GetLastError
OpenFileMappingA
MapViewOfFile
LoadLibraryA
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetOEMCP
FlushFileBuffers
SetStdHandle
IsBadCodePtr
CloseHandle
MultiByteToWideChar
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
RtlUnwind
GetStartupInfoA
ExitProcess
HeapFree
TerminateProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCPInfo
GetACP
SetUnhandledExceptionFilter
GetEnvironmentStringsW
SetHandleCount
LCMapStringA
LCMapStringW
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings

user32

PostQuitMessage
PostMessageA
IsWindow
LoadStringA
SetTimer
KillTimer
CloseDesktop
OpenDesktopA
SystemParametersInfoA
GetForegroundWindow
FindWindowA
SendMessageA
FindWindowExA
TranslateMessage
DispatchMessageA
RegisterClassExA
CreateWindowExA
DefWindowProcA
DialogBoxParamA
SetWindowTextA
GetDlgItem
SetWindowPos
GetWindowRect
GetSystemMetrics
MoveWindow
SetActiveWindow
EndDialog
GetMessageA
EnumChildWindows

gdi32

GetStockObject

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comctl32

InitCommonControlsEx

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c4c416daccf7ca7fe4481dcece61232

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 20KB

.WYCao Size: 52KB - Virtual size: 52KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 20KB

.WYCao
Size: 52KB - Virtual size: 52KB