06e9c1a9efe2d0894ac1c48aaa1d1305_JaffaCakes118

General

Target

06e9c1a9efe2d0894ac1c48aaa1d1305_JaffaCakes118
Size

154KB
MD5

06e9c1a9efe2d0894ac1c48aaa1d1305
SHA1

f90e3aaeb31b464e24db20349d8af4dad8ec4338
SHA256

504a7a1270f3628a7fb4d9fb8dd67f7631146525e928dd27671e95a40a685bd6
SHA512

5af20da012d552b6089b11dcb248ba8271d1f1e7b518b98dee39a4e52236f3d0d6f9a5609e44a77763e059cbd9a2c15fbdbf4057d2862598f88b42661d9035e6
SSDEEP

3072:kWA4qWH9+ju9QQeaK5D/sPtb/cX9TWbS+hONCDx6xAYjgSLI:kZ4rH9iJQet5TsR/M9TW2cDx6sS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06e9c1a9efe2d0894ac1c48aaa1d1305_JaffaCakes118

Files

06e9c1a9efe2d0894ac1c48aaa1d1305_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3d0e7cb4a880c276e420ca1083bc217

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
DeleteFileA
GlobalAddAtomA
LoadLibraryExA
LoadLibraryA
GetDateFormatA
lstrcpynA
GetFileAttributesA
GetCurrentThreadId
MoveFileA
lstrcmpA
GetLastError
InitializeCriticalSection
ExitProcess
FindClose
FindFirstFileA
GetCurrentProcess
CreateEventA
GlobalDeleteAtom
GetVersionExA
LocalFree
CompareStringA
SetHandleCount
lstrlenA
WideCharToMultiByte
GlobalAlloc
FormatMessageA
GetProcessHeap
SetThreadLocale
VirtualAlloc
LoadResource
GetDiskFreeSpaceA
SetLastError
SetErrorMode
MulDiv
GetThreadLocale
GetCurrentThread

user32

GetDC
GetParent
GetForegroundWindow
DrawFrameControl
CharToOemA
GetMenuItemCount
RegisterClassA
GetSysColor
GetScrollInfo
FrameRect
GetCursorPos
DrawEdge
EnumWindows
SetCursor
IsDialogMessageA
SystemParametersInfoA
GetMenuState
MessageBoxA
CreatePopupMenu
IsMenu
GetSubMenu
CreateIcon
GetDesktopWindow
GetMenuStringA
GetClientRect
CallNextHookEx
DrawMenuBar
DefMDIChildProcA
FindWindowA
GetMenuItemID
DeferWindowPos
GetKeyNameTextA
FillRect
GetIconInfo
GetFocus
EnumThreadWindows

shlwapi

SHDeleteKeyA
StrCSpnA
StrDupA
SHQueryInfoKeyA
StrCatBuffA
StrStrIA
StrCmpICA
SHDeleteValueA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 132KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a3d0e7cb4a880c276e420ca1083bc217

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.edata Size: 132KB - Virtual size: 208KB

BSS Size: 6KB - Virtual size: 5KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.edata
Size: 132KB - Virtual size: 208KB

BSS
Size: 6KB - Virtual size: 5KB