26a66a9889f9e5b7ec4a6077c509cff1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26a66a9889f9e5b7ec4a6077c509cff1_JaffaCakes118
Size

26KB
MD5

26a66a9889f9e5b7ec4a6077c509cff1
SHA1

0694a9778f878964f4b7c4b4fe9e67f9b04bb675
SHA256

54f84ad58ece6aefc270d087c72523de0c4c5e2589d8661ed1eec1f5e4714f96
SHA512

5362d2007ae98a8cafcff6791f93007dcf82ed96d3f957fba2f3f39070702278646214221570b82ee230cd715efb99165f3251971a48f5e1267942dd5f3c6dcd
SSDEEP

768:SVJlimFSN6is9M9Brkju7ZU+EBsiT3b2:+JlWsis9qixBvTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26a66a9889f9e5b7ec4a6077c509cff1_JaffaCakes118

Files

26a66a9889f9e5b7ec4a6077c509cff1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c3397d0281500237cb274a77a74ee8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA

atl

AtlMarshalPtrInProc

ntdll

NtAddAtom

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

CreateFileA
InterlockedDecrement
GetModuleFileNameA
lstrcatA
GetTickCount
LocalFree
FreeLibrary
CreateThread
GetProcessHeap
VirtualAlloc
GetWindowsDirectoryA
lstrcpyA
HeapFree
LocalAlloc
InterlockedIncrement
HeapReAlloc
SetEvent
GetModuleHandleA
GetDiskFreeSpaceA
InitializeCriticalSection
GetSystemDirectoryA
CloseHandle
LoadLibraryA
HeapSize
lstrcmpA
GetProcAddress
lstrcmpiA
CreateEventA
DisableThreadLibraryCalls
HeapAlloc
lstrcpynA
lstrlenA

advpack

RegInstall

gdi32

SetGraphicsMode
DeleteObject
CreateCompatibleDC
DPtoLP
BitBlt
DeleteDC
CreateFontIndirectA
CreateSolidBrush
GetDeviceCaps
GetTextMetricsA
SetTextColor
RestoreDC
SaveDC
SetWindowOrgEx
ExtTextOutA
ModifyWorldTransform
GetObjectA
SetViewportOrgEx
SelectObject
SetBkColor

user32

CharPrevA
GetWindowLongA
LoadImageA
DestroyIcon
TranslateMessage
LoadStringA
SetWindowPos
IsWindow
PeekMessageA
EndDialog
EnableWindow
SendDlgItemMessageA
SendMessageA
SetWindowLongA
GetDC
GetDlgItem
CreateDialogParamA
GetSysColor
wsprintfA
GetClientRect
InvalidateRect
IsDialogMessageA
ShowWindow
ReleaseDC
LoadBitmapA
SetWindowTextA
GetWindowTextA
CheckDlgButton
DialogBoxParamA
MessageBoxA
DrawTextA
IsDlgButtonChecked
GetWindowRect
DispatchMessageA
SetDlgItemTextA
DestroyWindow
CharUpperA
MsgWaitForMultipleObjects

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c3397d0281500237cb274a77a74ee8e

Headers

File Characteristics

Imports

advapi32

atl

ntdll

version

kernel32

advpack

gdi32

user32

ole32

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 428B

.idata Size: 23KB - Virtual size: 23KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 428B

.idata
Size: 23KB - Virtual size: 23KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 216B