1b21b8b207a66e0ea328d625631db1dc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b21b8b207a66e0ea328d625631db1dc_JaffaCakes118
Size

256KB
MD5

1b21b8b207a66e0ea328d625631db1dc
SHA1

6b05d11a924b28950a1fab470dd0186c854e2332
SHA256

3f27a9707e2007af48a08ff38d820626d04511cac0c59903b433fcc22fa47e4d
SHA512

92abed88076470b57b8bfd2666b44e8e75ddaa869489367aab4e4c08df1e3c969b65f5b968f292f8ca3bcc02611d056bee50413eb7307f86dc7a261cc873348d
SSDEEP

6144:76vI8yP6E1hU+2Edr2+y0zbKX3ir6fhzo0naGRZ5:mvBySEsHEdr2NioPaGRT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b21b8b207a66e0ea328d625631db1dc_JaffaCakes118

Files

1b21b8b207a66e0ea328d625631db1dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c42ce82921743479726534a50ec0c124

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
Sleep
WaitForSingleObject
CreateFileMappingA
CreateMutexA
WaitForMultipleObjects
CreateEventA
UnmapViewOfFile
GetVolumeInformationA
MapViewOfFileEx
GetModuleFileNameA
CompareStringA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileType
CreateProcessA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapSize
FormatMessageA
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
FindNextFileA
FindFirstFileA
FindClose
SetFilePointer
SetEndOfFile
GetFileSize
ReadFile
DeleteFileA
GetLastError
WideCharToMultiByte
WriteFile
CloseHandle
HeapReAlloc
GetVersion
CreateFileA
GetStdHandle
RtlUnwind
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
CompareStringW

user32

PostThreadMessageA
SetWindowTextA
ExitWindowsEx
GetMessageA
LoadStringA
PeekMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
LoadIconA
RegisterClassA
GetSystemMetrics
BeginPaint
MessageBoxA
EndPaint
GetDC
ReleaseDC
GetClientRect
InvalidateRect
UpdateWindow
GetDlgItem
SendMessageA
DestroyWindow
PostQuitMessage
CreateDialogParamA
ShowWindow
SetForegroundWindow
CreateWindowExA

gdi32

CreateCompatibleDC
SelectObject
GetObjectA
SetStretchBltMode
StretchBlt
DeleteDC
SelectPalette
RealizePalette
CreateDIBitmap
DeleteObject
CreatePalette

advapi32

LookupPrivilegeValueA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

Exports

Exports

?PatchCallBack@@YGPAXIPAX@Z

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c42ce82921743479726534a50ec0c124

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 18KB

.rsrc Size: 164KB - Virtual size: 164KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 164KB - Virtual size: 164KB