05dd0b03f65a63592ebe938744bd6384_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05dd0b03f65a63592ebe938744bd6384_JaffaCakes118
Size

164KB
MD5

05dd0b03f65a63592ebe938744bd6384
SHA1

f7b8a7570d4941e8157d098a27049b8152841190
SHA256

2b6ed1d22b44c389159766b5b5ad36b1712077b27d7e3c97a9b3ed92fc9e4f6b
SHA512

a5d78a725ba5e9d9e8e2f5122322b340916d1123addbb002d66a148be24c7690fc3d713cfd3abe8edecc37c93d2df4722ecb2b0e7a55a52f9651b3e2bf66c33e
SSDEEP

3072:shi88+j9BOzVlaI5H0E+0q2Xk942+nDOkKG9xpFarw8qgjXhanQOygfMuVDkj4Fz:shi88+RB2VlXl+0qK2KOkdxpMJ9SMIEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05dd0b03f65a63592ebe938744bd6384_JaffaCakes118

Files

05dd0b03f65a63592ebe938744bd6384_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53447f8f924893aadc1e1e6fa7d31951

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

user32

CharUpperA
GetKeyState
CharNextA
wsprintfW
wsprintfA
MessageBoxA
CharLowerA

kernel32

LoadLibraryW
FreeEnvironmentStringsA
HeapDestroy
GlobalFree
lstrcmpA
GetTempPathW
IsDBCSLeadByte
GetThreadIOPendingFlag
WriteFile
GetModuleFileNameA
GetThreadPriority
UnmapViewOfFile
GetCommandLineA
GetProcAddress
CreateMutexA
FreeLibrary
MapViewOfFile
WaitForSingleObject
GetFileType
GetCPInfo
CompareStringA
GetStringTypeA
GetDiskFreeSpaceExA
FlushFileBuffers
CompareStringW
TransmitCommChar
CreateFileMappingA
GlobalUnlock
GetTempFileNameA
CreateSemaphoreA
GetCurrentProcess
HeapFree
LCMapStringW
MultiByteToWideChar
GetEnvironmentVariableA
lstrcpyA
IsBadCodePtr
ExitThread
HeapCreate
SetHandleCount
LeaveCriticalSection
GetSystemTime
HeapReAlloc
GetFullPathNameW
EnterCriticalSection
InterlockedExchange
RtlUnwind
OutputDebugStringA
TerminateProcess
GetStringTypeW
EnumResourceNamesW
DeleteCriticalSection
GetStdHandle
FileTimeToSystemTime
TlsGetValue
lstrcmpW
TlsSetValue
GetPrivateProfileStringA
TlsFree
LCMapStringA
HeapSize
ExitProcess
TlsAlloc
IsBadReadPtr
GetTempPathA
ExitProcess
HeapAlloc
GetPriorityClass
GetEnvironmentStringsW
SetEvent
CloseHandle
SetPriorityClass
ResetEvent
GetUserDefaultLCID
GetEnvironmentStrings
InitializeCriticalSection
GetFullPathNameA
ReleaseSemaphore
FreeEnvironmentStringsW
Sleep
GetModuleHandleA
GetCurrentThreadId
FileTimeToLocalFileTime
IsBadWritePtr
CreateFileW
SetUnhandledExceptionFilter
GetOEMCP
SetStdHandle
GetACP
SetEndOfFile
CreateThread
UnhandledExceptionFilter
GetStartupInfoA
SetLastError
InterlockedIncrement
WritePrivateProfileStringA
GetTimeZoneInformation
GetLastError
GlobalAlloc
LoadLibraryA
RaiseException
WideCharToMultiByte
GetTickCount
InterlockedDecrement
SetEnvironmentVariableA

shlwapi

PathAddBackslashA

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53447f8f924893aadc1e1e6fa7d31951

Headers

File Characteristics

Imports

advapi32

user32

kernel32

shlwapi

msimg32

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 25KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 25KB

.crt
Size: 512B - Virtual size: 72KB