0c544146acee085ca0c8cbdb5d802466_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c544146acee085ca0c8cbdb5d802466_JaffaCakes118
Size

4.0MB
MD5

0c544146acee085ca0c8cbdb5d802466
SHA1

9638e2644bafb9643cff41f2ae2dd20b241358af
SHA256

ea9e5a1368d00b04f0ef0f547520b3134e42128ac68cf8128759d4f7b2145a0b
SHA512

56e6fc8a8bf9d1359f674523b1feb11712fc559212f2ccfbaf592f5a08371168216c01710ae3ddbfbe697632fca74e4ff42ad58952f1da2f1420960af42c8a9c
SSDEEP

98304:7VrC7Js0rgfS+aybzoDLUG2jCU6etuebCv4mcs1ixOHz:AvYYJDLUGLU6cs8OHz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c544146acee085ca0c8cbdb5d802466_JaffaCakes118

Files

0c544146acee085ca0c8cbdb5d802466_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f450f41d4113c41c90c7a228ca9e57a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegReplaceKeyW
SetSecurityDescriptorDacl
LookupPrivilegeDisplayNameA
AllocateAndInitializeSid
CryptSignHashW
SetEntriesInAclW

kernel32

ExitProcess
VirtualFree
GetShortPathNameA
LocalReAlloc
DuplicateHandle
GetLongPathNameA
CreateFileW
VirtualQueryEx
IsBadWritePtr
SetThreadLocale
FindNextChangeNotification
GetModuleHandleA
FindFirstFileA
SuspendThread
GlobalAddAtomW
ReadFileScatter
LocalFileTimeToFileTime
ConnectNamedPipe
LoadLibraryExA
ReadFile
WriteProcessMemory
lstrcmpA
PrepareTape
Beep
GetCPInfo
WriteConsoleOutputW
EnumTimeFormatsW
GetLogicalDriveStringsA
ScrollConsoleScreenBufferA
GetLocaleInfoW
GetUserDefaultLangID
QueryDosDeviceA
AreFileApisANSI
FreeLibraryAndExitThread
GetTempFileNameA
GetDriveTypeA
PeekConsoleInputW
EnumDateFormatsW
GetSystemDefaultLangID
ReadDirectoryChangesW
SetTimeZoneInformation
GetTimeZoneInformation
GetTapeStatus
OpenSemaphoreW
EnumCalendarInfoA
GetBinaryTypeW
ReadConsoleInputW
SetEnvironmentVariableW

user32

GetWindowTextA
WinHelpA
LoadKeyboardLayoutA
CharLowerA
GetKeyboardLayoutNameA
EnableWindow
IsIconic
SetFocus
OpenWindowStationW
GetMenuItemRect
RegisterClassA
DefMDIChildProcA
EnumWindowStationsA
EnumClipboardFormats
ReleaseDC
GetMenuInfo
GetWindowLongA
CallNextHookEx
CreateMDIWindowW
SendMessageW
DestroyWindow
SetWindowContextHelpId
PostThreadMessageA
CopyIcon
TrackPopupMenuEx
SetWindowTextA
OemToCharBuffW

msvcrt

vfwprintf
vsprintf
_mbsnicmp
_fsopen
_snwprintf
_beginthread
iswcntrl
_wctime
_wtoi

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f450f41d4113c41c90c7a228ca9e57a0

Headers

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3.4MB - Virtual size: 3.4MB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3.4MB - Virtual size: 3.4MB

.rsrc
Size: 18KB - Virtual size: 18KB