1a57e539c2ebe1b1ee9d4bf9eea5239e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1a57e539c2ebe1b1ee9d4bf9eea5239e_JaffaCakes118
Size

178KB
MD5

1a57e539c2ebe1b1ee9d4bf9eea5239e
SHA1

8e1737b9dab7b5d02214faa09a8496466beeb1b4
SHA256

ecf4acc9fd8347013108c062213bc1ad297888781a36041d2b9d155e82988705
SHA512

5ca543f38dfa2e511a3cc8f1b92efa8c91b40a8bbb6691e923842604f59a7e112cee346159480a969481f4a68c66c97cfb86638f7d3602d2401a738abfa76d4c
SSDEEP

3072:UO6g9V3JAwZra20Vqdw5t4ma9OMhNJ7/HpGzYEU7In:UO39V3PQ26sF95DVJg1z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1a57e539c2ebe1b1ee9d4bf9eea5239e_JaffaCakes118

Files

1a57e539c2ebe1b1ee9d4bf9eea5239e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

431547cdb032c49859a16033fca252fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc

shlwapi

PathFindExtensionA

kernel32

InitializeCriticalSection
WideCharToMultiByte
HeapSize
VirtualProtect
GetCurrentProcessId
HeapReAlloc
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
LoadLibraryA
GetProcAddress
LoadLibraryExA
GetStartupInfoA
GetLastError
FindResourceA
SetHandleInformation
GetCommandLineA
LCMapStringW
MulDiv
IsBadReadPtr
TlsGetValue
VirtualQuery
lstrcatA
GetLocaleInfoA
FlushInstructionCache
lstrcpynA
TlsAlloc
IsBadWritePtr
GetStringTypeW
ExitProcess
SetLastError
TransmitCommChar
SetFilePointer
lstrlenA
GetACP
InterlockedExchange
TlsFree
EnumResourceNamesW
QueryPerformanceCounter
RaiseException
GetEnvironmentStringsW
GetSystemInfo
FreeEnvironmentStringsA
lstrcpyA
InterlockedDecrement
GetProcessHeap
SizeofResource
HeapDestroy
FlushFileBuffers
GetOEMCP
LeaveCriticalSection
CloseHandle
GetStringTypeA
SetHandleCount
VirtualAlloc
ExitProcess
SetUnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetTickCount
InterlockedIncrement
GetVersionExA
GetCurrentThreadId
GetFileType
GetThreadLocale
HeapAlloc
SetStdHandle
EnterCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
MultiByteToWideChar
lstrlenW
VirtualFree
LoadResource
TlsSetValue
IsDBCSLeadByte
DeleteCriticalSection
IsBadCodePtr
FreeLibrary
LockResource
lstrcmpiA
HeapCreate
GetCPInfo
GetModuleHandleA
GetEnvironmentStrings
LCMapStringA
GetStdHandle
WriteFile
HeapFree

gdi32

GetTextExtentPointA
GetDeviceCaps
GetTextMetricsA
DeleteObject
SelectObject
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

user32

GetDlgItemTextA
SendMessageA
IsWindow
SetWindowLongA
DestroyWindow
WinHelpA
IsDialogMessageA
GetDialogBaseUnits
SetDlgItemTextA
MoveWindow
CreateDialogParamA
UnregisterClassA
ShowWindow
GetDlgItem
CheckDlgButton
GetDC
ReleaseDC
IsDlgButtonChecked
EnableWindow
CharNextA

advapi32

RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

431547cdb032c49859a16033fca252fc

Headers

File Characteristics

Imports

ole32

shlwapi

kernel32

gdi32

msimg32

user32

advapi32

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 42KB - Virtual size: 41KB

.crt Size: 512B - Virtual size: 336KB

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 42KB - Virtual size: 41KB

.crt
Size: 512B - Virtual size: 336KB