166bdc944c627c6cb80b69f18fd835c3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

166bdc944c627c6cb80b69f18fd835c3_JaffaCakes118
Size

144KB
MD5

166bdc944c627c6cb80b69f18fd835c3
SHA1

5d4ede89060a87853acc31c9c051eb6ffc8bd800
SHA256

d65acd4aad2d06afc85837f452af4e97607be875be02c924869c1a8269d644a7
SHA512

9533c8513401286df4c21725c80e0670e4ab70582d7b4ba413326a15efc067f68e8fa296d20aa891c3fb9c74940d1827f7a514d92c3203bb7f7d33703ee2ca4c
SSDEEP

3072:qHc6XTfIszGEL9Xu28epCM2wN7cTlAUlz5zPna00yUgE:CDzzGE1CM2S7yI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
166bdc944c627c6cb80b69f18fd835c3_JaffaCakes118

Files

166bdc944c627c6cb80b69f18fd835c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f7728f4a24d5d328b7e0181afe3afb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GetLocalTime
GetProcAddress
GetModuleHandleA
CreateThread
DuplicateHandle
GetCurrentThread
GetCurrentProcess
GetVersion
GlobalFree
VirtualProtect
LoadLibraryA
GlobalAlloc
IsBadWritePtr
ExitProcess
GetCurrentProcessId
GetTickCount
ResumeThread
SuspendThread
Sleep
GetModuleFileNameA
CloseHandle
CreateFileA
CreateFileW
GetFileInformationByHandle
GetFileSize
LockFile
LockFileEx
OpenFile
ReadFile
ReadFileEx
SetEndOfFile
SetFilePointer
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
_hread
_hwrite
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
GetEnvironmentVariableA
FindFirstFileW
FindNextFileA
FindNextFileW
LoadLibraryW
LoadLibraryExA
LoadLibraryExW
FreeLibrary
CreateFileMappingA
CreateFileMappingW
OpenFileMappingA
OpenFileMappingW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
IsBadReadPtr
CreateEventA
WaitForSingleObject
SetEvent
GetOverlappedResult
VirtualAlloc
VirtualFree
WideCharToMultiByte
GetFileType
DeleteFileA
DeleteFileW
GetFullPathNameA
DeviceIoControl
GetTempPathA
GetWindowsDirectoryA
GetCommandLineA
GetPriorityClass
SetPriorityClass
GetThreadPriority
SetThreadPriority
lstrcpyA
GetPrivateProfileStringA
GetPrivateProfileIntA

user32

MessageBoxA
GetActiveWindow
wsprintfA

Sections

0000001
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000002
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000003
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

0000005
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000006
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0000007
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

0000008
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f7728f4a24d5d328b7e0181afe3afb4

Headers

File Characteristics

Imports

kernel32

user32

Sections

0000001 Size: 24KB - Virtual size: 22KB

0000002 Size: 12KB - Virtual size: 10KB

0000003 Size: 4KB - Virtual size: 1KB

.rsrc Size: 12KB - Virtual size: 11KB

0000005 Size: 42KB - Virtual size: 42KB

0000006 Size: 2KB - Virtual size: 2KB

0000007 Size: 34KB - Virtual size: 33KB

0000008 Size: 4KB - Virtual size: 1KB

0000001
Size: 24KB - Virtual size: 22KB

0000002
Size: 12KB - Virtual size: 10KB

0000003
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 12KB - Virtual size: 11KB

0000005
Size: 42KB - Virtual size: 42KB

0000006
Size: 2KB - Virtual size: 2KB

0000007
Size: 34KB - Virtual size: 33KB

0000008
Size: 4KB - Virtual size: 1KB