21a309efe718db3f4b63bf4654ffff0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21a309efe718db3f4b63bf4654ffff0d_JaffaCakes118
Size

224KB
MD5

21a309efe718db3f4b63bf4654ffff0d
SHA1

314ad4fbc9058ba48b862666639c5a0ee92e8236
SHA256

680bf41c31a4cdd513157d3ec589ff2d5749f16f4d27158d83144f37adf79aab
SHA512

1a1c26db8464ba9b86d85ffb7f0bd662a0b086a604283279fb6a60b266cec63846f99763dfa2b22041167e59306658e7cea1d70c289d4568fc497839a59a7dae
SSDEEP

6144:xkQSSLKDPx4CITPAJ4gu1Wh2x87m5OTih:iQ/K69zAJg+mYs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21a309efe718db3f4b63bf4654ffff0d_JaffaCakes118

Files

21a309efe718db3f4b63bf4654ffff0d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d9d87bfb5af6c411ec1902494f68f647

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CLSIDFromProgID
OleInitialize

advapi32

CryptGetHashParam
RegQueryValueExA
CryptCreateHash
CryptAcquireContextA
RegCloseKey
RegOpenKeyExA
CryptHashData
CryptDestroyHash

gdi32

GetStockObject
DeleteObject
CreateFontIndirectA
GetObjectA

ntdll

RtlEqualUnicodeString
NtQueryObject
RtlInitAnsiString
RtlCreateSecurityDescriptor
RtlInitUnicodeString
NtQuerySecurityObject
NtSetSecurityObject

user32

MessageBoxA
DispatchMessageA
SetWindowPos
wsprintfA
EndDialog
SetDlgItemTextA
GetWindowLongA
SetForegroundWindow
CallWindowProcA
CharPrevA
CharUpperA
GetDlgItemTextA
ReleaseDC
SetWindowLongA
SetWindowTextA
MsgWaitForMultipleObjects
LoadStringA
ShowWindow
SendMessageA
PeekMessageA
MessageBeep
ExitWindowsEx
GetDC
GetWindowRect
GetDesktopWindow
DialogBoxIndirectParamA
GetDlgItem
EnableWindow
CharNextA
SendDlgItemMessageA

kernel32

GetFileAttributesW
GetPrivateProfileIntW
ResetEvent
lstrcpynA
CreateProcessA
GetSystemDefaultLangID
CreateFileA
MulDiv
InterlockedDecrement
MultiByteToWideChar
FormatMessageA
GetUserDefaultLangID
IsValidCodePage
GetThreadLocale
CompareStringA
FindFirstFileW
DeleteFileW
DeviceIoControl
lstrlenA
FindResourceW
GetPrivateProfileStringW
SizeofResource
SetThreadIdealProcessor
GetVersionExA
GetTempFileNameW
GetWindowsDirectoryA
HeapAlloc
GetLastError
RemoveDirectoryW
SetLastError
ReleaseSemaphore
CloseHandle
SetHandleInformation
GetProcessHeap
IsBadReadPtr
lstrcmpiA
QueryPerformanceCounter
FindClose
LockResource
GetFileSize
ReadFile
FindNextFileW
HeapFree
GetSystemTime
CreateSemaphoreA
SetEndOfFile
VirtualFree
GetCurrentThreadId
GetSystemDirectoryW
CreateMutexA
ReleaseMutex
SetFileAttributesA
SetFilePointer
InterlockedIncrement
LoadResource
GetTickCount
GetStartupInfoA
LCMapStringA
CreateDirectoryW
lstrcatA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9d87bfb5af6c411ec1902494f68f647

Headers

File Characteristics

Imports

ole32

advapi32

gdi32

ntdll

user32

kernel32

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 9KB - Virtual size: 13KB

.rsrc Size: 7KB - Virtual size: 6KB

.rdata Size: 192KB - Virtual size: 199KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 9KB - Virtual size: 13KB

.rsrc
Size: 7KB - Virtual size: 6KB

.rdata
Size: 192KB - Virtual size: 199KB