06ea9afd24381a391a0e3c54e2788368_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06ea9afd24381a391a0e3c54e2788368_JaffaCakes118
Size

29KB
MD5

06ea9afd24381a391a0e3c54e2788368
SHA1

3908dbb46811bba1a2a31c5ec1ea919daa1025f8
SHA256

c8f5317cdfe3f9374153cdbed22dde25adb65ba971a48e078d3bc1db3a639470
SHA512

4a5554c8678908e2eecb02e73ac36572411c8477db3aa4db74abace480368fb65ac0a795b71bac5e16a21ba063790776026790558e220e03f27ed59288fb72e1
SSDEEP

768:9tCslREPORF/5+xPZYdkIZlUsLkJ05i07b:9tCslqmRF/g1Z4F/UU5X7b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06ea9afd24381a391a0e3c54e2788368_JaffaCakes118

Files

06ea9afd24381a391a0e3c54e2788368_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d622bb5398c95fd78ee73d1931752224

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
CreateThread
lstrcmpiA
WaitForSingleObject
CreateProcessA
CloseHandle
WriteFile
GetTickCount
CreateFileA
GetLocaleInfoA
GetVersionExA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GlobalUnlock
GlobalLock
GetLastError
GetWindowsDirectoryA
InterlockedDecrement
ReleaseMutex
CreateMutexA
ExpandEnvironmentStringsA
GetModuleFileNameA
TerminateThread
GetFileAttributesA
CopyFileA
SetFileAttributesA
ExitProcess
LocalFree
WideCharToMultiByte
GetStartupInfoA
Sleep
GlobalAlloc
ExitThread

user32

GetWindowTextA
SwitchToThisWindow
MessageBoxA
BlockInput
keybd_event
SetForegroundWindow
ShowWindow
VkKeyScanA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowA
IsWindow
GetMenu
FindWindowExA
SendMessageA
SetFocus

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

msvcr71

??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
?terminate@@YAXXZ
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
strncpy
sprintf
rand
strchr
strcpy
strcat
free
memcpy
memset
malloc
strlen
_vsnprintf
??3@YAXPAX@Z
strcmp
??_V@YAXPAX@Z
strstr
__CxxFrameHandler
srand
_snprintf
strtok
memcmp
atoi
_callnewh
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__dllonexit
wcslen

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d622bb5398c95fd78ee73d1931752224

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcr71

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 272KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 272KB