02d05411b638bd0ac530fa9f9e9a9155_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02d05411b638bd0ac530fa9f9e9a9155_JaffaCakes118
Size

165KB
MD5

02d05411b638bd0ac530fa9f9e9a9155
SHA1

748561b6ac2b0d267b4ff9baad96819ff142f016
SHA256

bae43b090609cef9195833df58f3e8541bc644c0e93a875cbd62e775d9f22de9
SHA512

d17954949cd45c75dc7fee5ef0775549591c51c354a10a5d0465750ee9873a0704202024848a6aba35180d8d0aa11f264e630f511fb11a9091a4ea86d668a92a
SSDEEP

3072:N/bOSAR/fr8fpo7u1XorfhDeSN1PipJO/VqDF+C2LCuv+0WJupoB/E1Hb8l:5bOD5r0Qrfhv9s8IDF+1O0uoodgHwl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02d05411b638bd0ac530fa9f9e9a9155_JaffaCakes118

Files

02d05411b638bd0ac530fa9f9e9a9155_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54880f47c082dcdcd7082b2884b26eff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

kernel32

GlobalUnlock
lstrcmpW
SetEndOfFile
OutputDebugStringA
lstrcmpA
UnmapViewOfFile
RaiseException
SetEvent
ExitProcess
LCMapStringA
InitializeCriticalSection
CreateMutexA
HeapReAlloc
GetOEMCP
GetFullPathNameA
FreeLibrary
RtlUnwind
TerminateProcess
GetThreadIOPendingFlag
MultiByteToWideChar
GetTickCount
GetProcAddress
IsDBCSLeadByte
LoadLibraryW
ReleaseSemaphore
GetCPInfo
TransmitCommChar
SetHandleCount
GetStringTypeA
FlushFileBuffers
FileTimeToLocalFileTime
GetThreadPriority
GetStdHandle
GetEnvironmentStringsW
GetPriorityClass
CreateThread
GetCommandLineA
CreateFileMappingA
EnterCriticalSection
GetCurrentThreadId
HeapSize
LCMapStringW
CloseHandle
TlsFree
CreateSemaphoreA
TlsAlloc
TlsGetValue
InterlockedIncrement
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
SetLastError
SetPriorityClass
CompareStringA
EnumResourceNamesW
HeapDestroy
FreeEnvironmentStringsW
GlobalFree
lstrcpyA
GetStartupInfoA
WaitForSingleObject
SetStdHandle
HeapFree
GlobalAlloc
WritePrivateProfileStringA
GetTempPathW
HeapCreate
InterlockedExchange
CreateFileW
GetLastError
GetFullPathNameW
WriteFile
GetFileType
GetUserDefaultLCID
WideCharToMultiByte
IsBadReadPtr
GetDiskFreeSpaceExA
ExitProcess
FileTimeToSystemTime
ExitThread
FreeEnvironmentStringsA
MapViewOfFile
GetModuleHandleA
Sleep
CompareStringW
GetStringTypeW
GetSystemTime
GetPrivateProfileStringA
GetTempPathA
GetACP
ResetEvent
LeaveCriticalSection
GetEnvironmentVariableA
GetEnvironmentStrings
GetTimeZoneInformation
HeapAlloc
InterlockedDecrement
IsBadCodePtr
IsBadWritePtr
DeleteCriticalSection
GetTempFileNameA
UnhandledExceptionFilter
TlsSetValue
SetUnhandledExceptionFilter
SetEnvironmentVariableA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

user32

wsprintfW
GetKeyState
wsprintfA
CharUpperA
CharNextA
MessageBoxA
CharLowerA

shlwapi

PathAddBackslashA

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54880f47c082dcdcd7082b2884b26eff

Headers

File Characteristics

Imports

msimg32

kernel32

advapi32

user32

shlwapi

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 22KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 22KB

.crt
Size: 512B - Virtual size: 72KB