098a41a96c7a2c72c41675002d55c8f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

098a41a96c7a2c72c41675002d55c8f0_JaffaCakes118
Size

7.4MB
MD5

098a41a96c7a2c72c41675002d55c8f0
SHA1

637d13db460709658cb49095eae20a4d4beca12a
SHA256

633986f0c5006a075e6af8cdb94cca1972310f0311e38b0d53d6d394d62020b2
SHA512

df47bd77b59dfe51681bb8127fdac097fcd7d02c1cbb58f4dbdc4b94b43c5f14041796849ae6a9cb917c60e4e52a65e1db52339db2d279395cb483f46f1f0198
SSDEEP

196608:lZ3rxdN42+LAS8+IgWFQAYBzgOsZ2eL9yMlIasKH:/bPN4NL2vaUOsZPVW2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
098a41a96c7a2c72c41675002d55c8f0_JaffaCakes118

Files

098a41a96c7a2c72c41675002d55c8f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

554f6ece501c1006c06ad8e23b902017

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString
SafeArrayCreate
VariantChangeType
SafeArrayRedim

user32

OpenDesktopW
GetClipboardData
GetWindowLongA
SendMessageTimeoutW
IsCharAlphaNumericW
IsCharLowerA
SetParent
FindWindowExA
GetShellWindow
GetWindowLongW
DialogBoxParamA
CascadeWindows
UnhookWinEvent
GetUserObjectInformationW
InternalGetWindowText
RedrawWindow
RegisterWindowMessageW
DefFrameProcW
MonitorFromWindow
SetPropA
OpenWindowStationA
CreatePopupMenu
MapVirtualKeyA

kernel32

ReadConsoleInputW
GetConsoleMode
FreeEnvironmentStringsA
DebugBreak
CopyFileExW
DeleteCriticalSection
GetTapeParameters
WriteConsoleOutputW
GetBinaryTypeW
OpenMutexA
ReadFileScatter
lstrcatW
GetSystemTime
LocalAlloc
SetConsoleTitleA
ExitProcess
GetDriveTypeW
SizeofResource
SetCommMask
VirtualAllocEx
IsProcessorFeaturePresent
_lclose
LCMapStringA
ExpandEnvironmentStringsW
GetThreadContext
CreateDirectoryA
VirtualProtect
SetHandleCount
CreateWaitableTimerA
DuplicateHandle
GetTickCount
Beep
UnmapViewOfFile
GlobalUnlock
GetModuleFileNameW
SwitchToFiber
WaitNamedPipeA
LocalReAlloc
GetHandleInformation
VirtualQuery
FindFirstFileW
IsBadStringPtrA
SetVolumeLabelA
AllocConsole
ReadConsoleA
ScrollConsoleScreenBufferA
FreeLibraryAndExitThread
LocalSize

ws2_32

WSACleanup
WSAAsyncGetProtoByNumber
WSAGetServiceClassInfoW
inet_addr
ntohl
WSAHtons
shutdown
WSAEnumNetworkEvents
WSAAccept
closesocket

comctl32

ImageList_SetDragCursorImage

advapi32

SetSecurityDescriptorDacl
RegGetKeySecurity
SetTokenInformation
CryptSignHashW
InitializeSid
EnumServicesStatusW
AllocateLocallyUniqueId
BuildSecurityDescriptorW
ObjectCloseAuditAlarmA
RegSaveKeyA

msvcrt

sprintf
_wmakepath
tolower
_wchdir
_wtoi
strncpy
_chdrive
_pctype
ungetc
fgetc
_dup2
qsort
_wfsopen
_wspawnvp
_close
_beginthreadex
realloc
_sleep
_makepath
strtok
_wsopen

Sections

.text
Size: 8KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

554f6ece501c1006c06ad8e23b902017

Headers

File Characteristics

Imports

oleaut32

user32

kernel32

ws2_32

comctl32

advapi32

msvcrt

Sections

.text Size: 8KB - Virtual size: 7.3MB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 7.3MB - Virtual size: 7.3MB

.rsrc Size: 68KB - Virtual size: 66KB

.text
Size: 8KB - Virtual size: 7.3MB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 7.3MB - Virtual size: 7.3MB

.rsrc
Size: 68KB - Virtual size: 66KB