02c37e8053d463e00ed5c7429bede96a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02c37e8053d463e00ed5c7429bede96a_JaffaCakes118
Size

484KB
MD5

02c37e8053d463e00ed5c7429bede96a
SHA1

a2833f9c583bd5bd9f50a1b1fe253996e8c392f1
SHA256

63252b1bb86d0b74014761af9372f93e825181b983f7343153330c77b1ef71b8
SHA512

c913ead7954c9d3be7073c5959d38d5b68dc8589354485eaa9bbc1915b0eeb5ea226a33bcfa34bc5cddb081ff36389778d8a83af90202e5b08b147ceb5260bac
SSDEEP

12288:wI4LfZbSCi1IoUcokv5yqY2mApsQF+/SzV:wNL9SCxoUcokxyqYRApBSSzV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02c37e8053d463e00ed5c7429bede96a_JaffaCakes118

Files

02c37e8053d463e00ed5c7429bede96a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3616f14af34f66ab086deb58219357fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TileChildWindows
RegisterClassExA
MapVirtualKeyExA
DialogBoxIndirectParamW
GetCapture
SetMenuDefaultItem
TabbedTextOutA
CascadeWindows
GetWindowInfo
RegisterClassA
CharNextW
OemKeyScan
DdeAccessData

kernel32

CompareStringA
GetCommandLineA
GetSystemTimeAsFileTime
ReadFile
EnterCriticalSection
SetWaitableTimer
InterlockedExchange
SetFilePointer
UnhandledExceptionFilter
GetCPInfo
ExitProcess
LeaveCriticalSection
GetComputerNameA
FindClose
TlsGetValue
GetCurrentThread
SetLastError
CompareStringW
GetLocalTime
VirtualFree
GetSystemTime
GetModuleHandleA
PulseEvent
GetCommandLineW
FlushFileBuffers
GetStartupInfoW
HeapReAlloc
HeapFree
GetEnvironmentStringsW
GetModuleFileNameA
SetHandleCount
TlsFree
SetThreadContext
SetEnvironmentVariableA
GetStdHandle
GetCurrentProcess
GetFileType
GetLastError
LCMapStringA
GetVersion
GetModuleFileNameW
GetStringTypeW
TlsSetValue
CreateDirectoryExW
VirtualAlloc
CreateMutexA
MultiByteToWideChar
RtlUnwind
GetCurrentThreadId
GetEnvironmentStrings
CloseHandle
GetProcAddress
FreeEnvironmentStringsA
WriteFile
TerminateProcess
GetCurrentProcessId
InitializeCriticalSection
VirtualQuery
GetTimeZoneInformation
QueryPerformanceCounter
OpenMutexA
LCMapStringW
HeapDestroy
LoadLibraryA
GetStartupInfoA
GetTickCount
HeapCreate
FreeEnvironmentStringsW
InterlockedDecrement
HeapAlloc
GetPrivateProfileStructA
TlsAlloc
GetStringTypeA
DeleteCriticalSection
WideCharToMultiByte
SetStdHandle
IsBadWritePtr
TransactNamedPipe
InterlockedIncrement
SetThreadPriority

comctl32

InitCommonControlsEx

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3616f14af34f66ab086deb58219357fd

Headers

File Characteristics

Imports

user32

kernel32

comctl32

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 4KB - Virtual size: 34KB

.data Size: 311KB - Virtual size: 311KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 4KB - Virtual size: 34KB

.data
Size: 311KB - Virtual size: 311KB

.rsrc
Size: 2KB - Virtual size: 1KB