0f872860b30e656e3812a96cd4d709d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0f872860b30e656e3812a96cd4d709d1_JaffaCakes118
Size

167KB
MD5

0f872860b30e656e3812a96cd4d709d1
SHA1

3ebb9d8846a1be6f9786468efa8293a170743f08
SHA256

83e7b7ebd9a98804901ec6bfacdd6ae4f278cf8af9b8eb37fcaa5899e01ed8f7
SHA512

83ed52cb1419d45b6ab82866aec78bf2f889d88a146f8d953bb7f6afb15f26130b9d70a75c9b87d8f79b0b08ff58bb052b3bcc142849145c198a30a631d62382
SSDEEP

3072:SBUCb0uqzfeisnUfJygVgUw0+yRxLLdX4WHG19bJTgb8hvcN2gFh0DnVQMX955C3:S/bIzBsUfJIp09PXSrl0Qvc9CnpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f872860b30e656e3812a96cd4d709d1_JaffaCakes118

Files

0f872860b30e656e3812a96cd4d709d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

706031f85f421a96bd7e570073af27c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

kernel32

CompareStringW
lstrcpyA
GetStartupInfoA
GlobalFree
ReleaseSemaphore
GetTempFileNameA
SetPriorityClass
GetUserDefaultLCID
HeapReAlloc
IsBadCodePtr
FileTimeToSystemTime
GetThreadIOPendingFlag
GetCurrentThreadId
IsBadReadPtr
LCMapStringW
InterlockedExchange
HeapDestroy
DeleteCriticalSection
GetEnvironmentStrings
WritePrivateProfileStringA
GetModuleFileNameA
GetCurrentProcess
CreateMutexA
TransmitCommChar
HeapCreate
SetStdHandle
LeaveCriticalSection
CloseHandle
TerminateProcess
GetTempPathW
CompareStringA
GetSystemTime
HeapAlloc
OutputDebugStringA
LoadLibraryW
GetFullPathNameA
CreateFileW
Sleep
ExitProcess
FreeLibrary
FlushFileBuffers
GetPriorityClass
SetEndOfFile
TlsSetValue
GetOEMCP
MultiByteToWideChar
FileTimeToLocalFileTime
GetFileType
ResetEvent
EnumResourceNamesW
GetTickCount
GetDiskFreeSpaceExA
GetTimeZoneInformation
InterlockedIncrement
WaitForSingleObject
RtlUnwind
HeapSize
FreeEnvironmentStringsW
GetPrivateProfileStringA
lstrcmpA
GlobalAlloc
SetUnhandledExceptionFilter
GetThreadPriority
TlsFree
InterlockedDecrement
GetFullPathNameW
SetEvent
SetHandleCount
SetLastError
HeapFree
ExitProcess
GetEnvironmentStringsW
MapViewOfFile
FreeEnvironmentStringsA
GetStdHandle
GetModuleHandleA
ExitThread
GetStringTypeW
CreateThread
WriteFile
CreateSemaphoreA
TlsAlloc
LoadLibraryA
GetCommandLineA
GetStringTypeA
IsBadWritePtr
InitializeCriticalSection
WideCharToMultiByte
GetProcAddress
IsDBCSLeadByte
UnhandledExceptionFilter
RaiseException
UnmapViewOfFile
lstrcmpW
GetCPInfo
GetEnvironmentVariableA
GetACP
TlsGetValue
LCMapStringA
CreateFileMappingA
EnterCriticalSection
GlobalUnlock
GetTempPathA
GetLastError
SetEnvironmentVariableA

user32

CharUpperA
GetKeyState
MessageBoxA
wsprintfA
wsprintfW
CharNextA
CharLowerA

shlwapi

PathAddBackslashA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

706031f85f421a96bd7e570073af27c3

Headers

File Characteristics

Imports

msimg32

kernel32

user32

shlwapi

advapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 19KB - Virtual size: 18KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 19KB - Virtual size: 18KB

.crt
Size: 512B - Virtual size: 72KB