05aebc5db8edc730fb039a738139ad43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

05aebc5db8edc730fb039a738139ad43_JaffaCakes118
Size

92KB
MD5

05aebc5db8edc730fb039a738139ad43
SHA1

5d26be6a2ba0cef940f87a5285f265571c68b43f
SHA256

d38a6c957d97168e453e9d0fb0b9f116d90b5bb774dd077707ecc7a82b1f85a1
SHA512

ba38db2ed0d6c6bfcca9240239082afceef8061ae1c1208b93e1d66551044b0ad12a8e74c0bb3edc0fbdc3041e22a339b8dcc0e03ac0d605cd30878a9a071407
SSDEEP

1536:juazNr/vrziKyzZrtZwhC+WZHbh8YLav88OuoZZzqx:jXd/TziKyzZrT+gl8rv9OuoZZzqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05aebc5db8edc730fb039a738139ad43_JaffaCakes118

Files

05aebc5db8edc730fb039a738139ad43_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7292e2f6de943a7978873025105d1259

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
GetExitCodeProcess
WaitForSingleObject
CreateFileMappingA
CreateMutexA
FormatMessageA
CreateProcessA
UnmapViewOfFile
GetVolumeInformationA
MapViewOfFileEx
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
CreateEventA
WaitForMultipleObjects
FindFirstFileA
RtlUnwind
HeapAlloc
CompareStringA
CompareStringW
GetStringTypeW
GetStringTypeA
SetStdHandle
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadCodePtr
GetFileType
GetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
FreeEnvironmentStringsA
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetACP
GetCPInfo
GetOEMCP
VirtualAlloc
VirtualFree
IsBadWritePtr
ExitProcess
HeapDestroy
LCMapStringW
HeapCreate
FindNextFileA
TerminateProcess
MultiByteToWideChar
FindClose
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
DeleteFileA
GetLastError
WideCharToMultiByte
WriteFile
SetEnvironmentVariableA
GetDriveTypeA
CloseHandle
CreateFileA
HeapReAlloc
GetVersion
HeapSize
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameA
GetCommandLineA
SetCurrentDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
GetModuleHandleA
GetStartupInfoA

user32

UpdateWindow
PostQuitMessage
CreateDialogParamA
SetForegroundWindow
ShowWindow
GetDlgItem
DestroyWindow
SendMessageA
InvalidateRect
GetClientRect
ExitWindowsEx
PostThreadMessageA
SetWindowTextA
PeekMessageA
GetMessageA
LoadStringA
DialogBoxParamA
TranslateMessage
DispatchMessageA
SendDlgItemMessageA
EndDialog
MessageBoxA
BeginPaint
ReleaseDC
EndPaint
GetDC

gdi32

SelectPalette
SelectObject
DeleteObject
CreateDIBitmap
RealizePalette
CreatePalette
DeleteDC
StretchBlt
SetStretchBltMode
GetObjectA
CreateCompatibleDC

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegCloseKey
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA

shell32

ShellExecuteA

comctl32

ord17

Exports

Exports

?CDAPFN0506_SendProtectMessage@@3UCDAPFN_PROPERTIES@@A
?PatchCallBack@@YGPAXIPAX@Z

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7292e2f6de943a7978873025105d1259

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 8KB - Virtual size: 6KB