0c4011ae0765f800675d2bfe60bbeccb_JaffaCakes118

General

Target

0c4011ae0765f800675d2bfe60bbeccb_JaffaCakes118
Size

76KB
MD5

0c4011ae0765f800675d2bfe60bbeccb
SHA1

9d21176c0df4cc1ec9ba2ba3ee3ac19b0b9cb0cf
SHA256

4a226c536fd1bc4f2d02e42d0b0a4a10f486a511ef5d53e90570069842c271f5
SHA512

14e50cc7825d588dbde502b5ecb9179d2dba8b652156e9568c466e8c114f0ad8099b075689e757bed4d10cf6473dd82927eab2d2edb1e254b37cc2a6db7aa989
SSDEEP

768:cG58MnITEg1iZS3zlHkCh7PkbWOwjV9nr22bzCYeEWvzYn+qY0ZSFJHUtwfy9gog:cG58MIhyoPNrbnS2bzCFqZUFlUtpgoz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c4011ae0765f800675d2bfe60bbeccb_JaffaCakes118

Files

0c4011ae0765f800675d2bfe60bbeccb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d71806aea623bf80aef8dc26bda29b8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

comctl32

ord17

kernel32

OutputDebugStringA
FindClose
Sleep
FindFirstFileA
GetSystemDirectoryA
CreateFileA
ReadFile
RemoveDirectoryA
CloseHandle
SetEndOfFile
SetFilePointer
CreateDirectoryA
DeleteFileA
WriteFile
GetVolumeInformationA
GetVersionExA
DeviceIoControl
RaiseException
SetHandleCount
GetStdHandle
HeapFree
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
SetConsoleCtrlHandler
FreeEnvironmentStringsA
RtlUnwind
GetFileType
HeapReAlloc
HeapAlloc
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
SetUnhandledExceptionFilter
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
ExitProcess

msi

ord65
ord112
ord89

user32

SetFocus
MessageBoxA
CreateDialogParamA
ShowWindow
UpdateWindow
wsprintfA
SetWindowTextA
EnableWindow
PostQuitMessage
GetDlgItem
SendMessageA
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
LoadStringA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d71806aea623bf80aef8dc26bda29b8b

Headers

File Characteristics

Imports

advapi32

comctl32

kernel32

msi

user32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 4.0MB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 4.0MB