257479e5d4acd72616e9d327c143b245_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

257479e5d4acd72616e9d327c143b245_JaffaCakes118
Size

2.0MB
MD5

257479e5d4acd72616e9d327c143b245
SHA1

0d0cc54e8e7ecaa57a6abcca03e86e54828bd4cb
SHA256

cddfb9d52d11a29b06d432416a24274a6af7f6752c7ac08298f74bc2ddde3f7a
SHA512

3cbeecc96f608f018fbee9d23b6b930847cd38d049cabd5f419d37d662ee92a6710414e319f5d7d3799750e4e3303b6a3f5689f88a6785613c7ebbb4a47efe10
SSDEEP

49152:x+3ZnVFENnxKt3hUdIvtkrQZtCTP/ToWOQ3V4F5IPFd:6VF8xKxu2qLTXjOYWF5Itd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
257479e5d4acd72616e9d327c143b245_JaffaCakes118

Files

257479e5d4acd72616e9d327c143b245_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44d66c5a080daf6430ecf9f687c2b5e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenFile
RtlUnicodeToOemN

kernel32

ExitProcess
GlobalAlloc
DeleteCriticalSection
GetModuleHandleW
VirtualAlloc
GetCommandLineW
CreateThread
VirtualFree
GetDriveTypeA
CreateEventA
GetTempFileNameW
GetCurrentProcess
GetConsoleMode
GlobalLock
GetStartupInfoW
GetPrivateProfileSectionA
EnumSystemLocalesA
GetCurrentProcessId
GetStringTypeA
DeviceIoControl
GetCommandLineW
GetCurrentProcess
LeaveCriticalSection
CreateEventW
GetModuleHandleW
VirtualFree
ExitProcess
VirtualAlloc
GetStartupInfoW
GetCurrentProcessId

ole32

OleInitialize
OleUninitialize
CoCreateGuid
CoUninitialize
CoRevokeClassObject
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoInitialize
WriteClassStm

msvcrt

_exit
__dllonexit
exit
_wcsnicmp
_wcsnicmp
tolower
__p___initenv
_onexit
_dup
ctime
_vsnwprintf
memmove

gdi32

GetObjectType
GetWinMetaFileBits
Rectangle
Rectangle
CreateRectRgnIndirect
GetObjectA
SetWindowOrgEx

advapi32

GetLengthSid
RegDeleteKeyW

version

GetFileVersionInfoA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW

user32

GetDlgItem
DeleteMenu
PtInRect
GetForegroundWindow

Sections

.text
Size: 13KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 961KB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 959KB - Virtual size: 961KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44d66c5a080daf6430ecf9f687c2b5e7

Headers

File Characteristics

Imports

ntdll

kernel32

ole32

msvcrt

gdi32

advapi32

version

user32

Sections

.text Size: 13KB - Virtual size: 14KB

.data Size: 68KB - Virtual size: 68KB

.rdata Size: 961KB - Virtual size: 6.4MB

.idata Size: 959KB - Virtual size: 961KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 13KB - Virtual size: 14KB

.data
Size: 68KB - Virtual size: 68KB

.rdata
Size: 961KB - Virtual size: 6.4MB

.idata
Size: 959KB - Virtual size: 961KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 74KB - Virtual size: 74KB