246acea1972683bec3e512ddc6ceca97_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

246acea1972683bec3e512ddc6ceca97_JaffaCakes118
Size

40KB
MD5

246acea1972683bec3e512ddc6ceca97
SHA1

0e17be6b6a1edd8dd3c210c92d8d0b4c17059748
SHA256

9fedca0f9679ea223ab77d3e65dc70a5e3c0097bfc13b90b82383282f757229c
SHA512

a8a7f02e47c8aa9909316fbd286cdda312266cdf5185c817c11a18e06688fe9ddaab19e8f9e1c75c37194134c87eeabe0ab25f59562023ab0a397d7eaa5d0c13
SSDEEP

768:HddbCK/rcrKew+y00OPyHh6otLZ2HnXVaLdQ:HHn4rKdRXO6AooXVaLdQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
246acea1972683bec3e512ddc6ceca97_JaffaCakes118

Files

246acea1972683bec3e512ddc6ceca97_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c53d60a041d5625dc5508ab712add52

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
GetStringTypeW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
LCMapStringW
GetProcAddress
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
CreateProcessA
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
lstrlenA
lstrcatA
RtlUnwind
HeapFree
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CloseHandle

user32

SendMessageA
GetKeyState
GetDlgCtrlID
WaitForInputIdle
SetWindowLongA
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
FillRect
GetFocus
GetParent
GetWindow
GetWindowLongA
SetFocus
PostQuitMessage
IsDlgButtonChecked
DefWindowProcA
GetDC
ReleaseDC
InvalidateRect
GetDlgItem
PostMessageA
FindWindowA
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA

gdi32

SelectPalette
RealizePalette
SetBkMode
GetStockObject

qversion

bIfVersion

qwutil7

ord1954
ord1429
ord2302
ord2312
ord1728
ord1955
ord2300
ord800
ord1916
ord1932
ord1701
ord2907
ord1941
ord802
ord2311
ord1700
ord1425

qwwin

ord1002
ord1007

qwrmnd

ord104
ord109
ord128
ord106
ord101
ord127
_RMND_GetSchedTxItemFileName@12
ord169
ord107
ord100

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c53d60a041d5625dc5508ab712add52

Headers

File Characteristics

Imports

kernel32

user32

gdi32

qversion

qwutil7

qwwin

qwrmnd

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 8KB