0889b4d404eb108d781f2f7ba823c260_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0889b4d404eb108d781f2f7ba823c260_JaffaCakes118
Size

173KB
MD5

0889b4d404eb108d781f2f7ba823c260
SHA1

aab35d544d0f75641e169e87f3a12849ca6440a1
SHA256

cc8a1cd711edbec73e34f0dbec0b74912bedeccc899a2a01cabd4b1710af2309
SHA512

c0137a898fa3888343629226340a18f39832b1c11ac320334a12307532864f1539f2238bce3ab7a711ac5cc837addd35ec7044fc5e4736505117442f059e7e7e
SSDEEP

3072:eqgcoJbv2ZTpShypuSiuPBL+ZYtVxOkBJsEU6s2niAet3N/3hhJk6tyzuaiSqdhe:eqNoR2x6yASioN+ZMVokBpU2itt3NNtg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0889b4d404eb108d781f2f7ba823c260_JaffaCakes118

Files

0889b4d404eb108d781f2f7ba823c260_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16f426a6795b49c03aeab00d9d833208

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

PostThreadMessageA
wsprintfA
LoadStringA
RegisterClassA
CreateWindowExA
GetMessageA
wvsprintfA
MsgWaitForMultipleObjects
CopyRect
DispatchMessageA
MonitorFromWindow
RegisterWindowMessageA
GetQueueStatus
PeekMessageA
DestroyWindow

shell32

SHGetSpecialFolderPathA

ole32

CLSIDFromString
GetRunningObjectTable
CoCreateInstance
CoUninitialize
StringFromCLSID
StringFromGUID2
CoTaskMemFree
CreateItemMoniker
CoInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemAlloc

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeEndPeriod

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegEnumKeyExA

quartz

AMGetErrorTextW

kernel32

WaitForSingleObject
CloseHandle
GetSystemTimeAsFileTime
lstrlenA
VirtualFree
FindResourceA
GetTapeParameters
GetVersionExA
InterlockedDecrement
FreeLibrary
VirtualAlloc
InitializeCriticalSection
GetModuleFileNameW
LockResource
HeapFree
LeaveCriticalSection
DeleteCriticalSection
GetExitCodeThread
GetThreadPriority
ClearCommError
IsBadWritePtr
ReleaseMutex
MultiByteToWideChar
CreateThread
ReleaseSemaphore
CreateSemaphoreA
GetCurrentThread
EnumResourceNamesA
ResetEvent
WaitForMultipleObjects
QueryPerformanceCounter
LocalFree
LoadResource
GetSystemInfo
GlobalAlloc
InterlockedIncrement
GetModuleFileNameA
LoadLibraryA
WideCharToMultiByte
CreateMutexA
DisableThreadLibraryCalls
GetTickCount
TerminateThread
CreateFileW
GetSystemTime
GetCurrentThreadId
SetEvent
GetLastError
FatalExit
IsBadReadPtr
GetProcessHeap
GetCurrentProcessId
EnterCriticalSection
Sleep
LoadLibraryW
CreateEventA
SetThreadPriority
GetACP
ResumeThread
GetProcAddress
ExitProcess

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16f426a6795b49c03aeab00d9d833208

Headers

File Characteristics

Imports

user32

shell32

ole32

winmm

advapi32

quartz

kernel32

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 43KB - Virtual size: 42KB

.lib Size: 512B - Virtual size: 88KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 43KB - Virtual size: 42KB

.lib
Size: 512B - Virtual size: 88KB