0b80380643687f362e0d957a76a39b14_JaffaCakes118

General

Target

0b80380643687f362e0d957a76a39b14_JaffaCakes118
Size

292KB
MD5

0b80380643687f362e0d957a76a39b14
SHA1

3d015a765bc274d19fb3dc864c93bf5488d6cd59
SHA256

0287e361042f1498e537dcc4d57270e9bd8cee8bb60646c10abe85fe1175ad8a
SHA512

9bf36ed26bbc5137f7bc12449d8bfb24b37f8b5f2e6530114d34450d072ee1cbe895161ba1909c0beba35d66fca7d1cb67cb61619a9af7c8d9e1d8b7938d2954
SSDEEP

6144:AxGK6rd2YRZVECRLZonomZ/Ib2fFlZAoSRccKF+srG:1v1hFoomZ/IafFlSoSXIrG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b80380643687f362e0d957a76a39b14_JaffaCakes118

Files

0b80380643687f362e0d957a76a39b14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3129ed7222163601bf6edf2f5101df58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SuspendThread
GetCurrentThreadId
FindNextChangeNotification
MulDiv
Sleep
GetLastError
ExitProcess
FreeLibrary
SetEvent
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
ResumeThread
CreateWaitableTimerW
GetCurrentThread
FreeResource
DeleteFileW
CreateFileW
GetTickCount
SetCurrentDirectoryW
QueryDosDeviceW
GetModuleHandleW
CreateEventW
CreateThread
DuplicateHandle
SizeofResource
GetFileSize
GetProcAddress
GetUserDefaultLangID
LockResource
SetLastError
FindNextFileW
MoveFileW
WideCharToMultiByte
GetProcessHeap
SetWaitableTimer

user32

SetCursor
GetWindowDC
DefWindowProcW
EndDialog
SetCapture
GetWindowRect
SetWindowPos
FillRect
RegisterHotKey
PostQuitMessage
ReleaseDC
PostMessageW
GetCursorPos
SystemParametersInfoW
GetSystemMetrics
TranslateMessage
SetForegroundWindow
GetClassNameW
DestroyMenu
GetWindowThreadProcessId
GetMessageW
PostThreadMessageW
RedrawWindow
LoadStringW
CreatePopupMenu
SetCursorPos
DestroyIcon
RegisterClassExW
LoadCursorW

gdi32

GetDeviceCaps
CreateCompatibleBitmap
GetStockObject
CreateBitmap
CreatePen
SetTextColor
CreateRoundRectRgn
SetBkMode
CreateSolidBrush
CreateCompatibleDC
GetObjectW
DPtoLP
SetMapMode
DeleteDC

advapi32

RegQueryValueExW
GetUserNameW
StartServiceW
RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegCreateKeyExW
LookupAccountSidW

shell32

SHChangeNotify

ole32

CoInitializeEx
CreateStreamOnHGlobal

Sections

.text
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3129ed7222163601bf6edf2f5101df58

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 264KB - Virtual size: 262KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 19KB

.text
Size: 264KB - Virtual size: 262KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 19KB