Static task
static1
Behavioral task
behavioral1
Sample
27aef7b8a329a32e271597a55d1fe4ef_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
27aef7b8a329a32e271597a55d1fe4ef_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target: 27aef7b8a329a32e271597a55d1fe4ef_JaffaCakes118
Size: 30KB
MD5: 27aef7b8a329a32e271597a55d1fe4ef
SHA1: 3ae0175e142cc565f95981679cc7948969313cf9
SHA256: 3446921effd6417d5cbadbd76163b68184649983d4a090b01f4b108a8a0b0a8f
SHA512: f5f0cefddb1cde9e66df33911dbbf1b622596ee80a1922bbe2a2a8605dcc06a74eb4023a37a9694d94c28ebe5334cae9e9c4b173c4b1b6f3cf06d57f8d79412a
SSDEEP: 768:qFm0fF0IqQxrlK0N0LekTG41F7QDuueuuuuuuuuohuuuuduuuuuuuuuuuuuuuuu0:zSrHOTTpQyueuuuuuuuuohuuuuduuuu1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27aef7b8a329a32e271597a55d1fe4ef_JaffaCakes118
Files
27aef7b8a329a32e271597a55d1fe4ef_JaffaCakes118.exe windows:4 windows x86 arch:x86
127345fc05035190414c0b820681782f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
OleInitialize
CLSIDFromProgID
DcomChannelSetHResult
CoCreateInstance
advapi32
CryptCreateHash
CryptGetHashParam
RegQueryValueExA
CryptAcquireContextA
RegCloseKey
CryptHashData
RegOpenKeyExA
CryptDestroyHash
gdi32
DeleteObject
CreateFontIndirectA
GetObjectA
GetStockObject
kernel32
MultiByteToWideChar
lstrlenA
DeleteFileW
CreateFileW
LockResource
GetCurrentProcess
FindFirstFileW
CloseHandle
GetSystemDirectoryW
IsBadStringPtrW
InterlockedIncrement
SizeofResource
GetTickCount
GetCurrentThreadId
FindResourceW
GetUserDefaultLangID
DeviceIoControl
FindClose
SetFilePointer
GetPrivateProfileStringW
HeapFree
lstrcmpiA
GetWindowsDirectoryA
LoadResource
GetVersionExA
GetProcessHeap
RemoveDirectoryW
ReleaseSemaphore
GetSystemTime
WriteFile
HeapAlloc
FindNextFileW
SetEndOfFile
ReleaseMutex
GetModuleFileNameW
VirtualLock
SetLastError
GetFileSize
CreateFileA
GetSystemDefaultLangID
GetLastError
SetFileAttributesA
ReadFile
GetSystemTimeAsFileTime
CreateDirectoryW
VirtualFree
LocalFree
GetFileAttributesW
QueryPerformanceCounter
VirtualUnlock
GetCurrentProcessId
InterlockedDecrement
GetPrivateProfileIntW
GetTempFileNameW
GetStartupInfoA
CreateSemaphoreA
CreateMutexA
IsBadReadPtr
user32
SendMessageA
GetDlgItemTextA
SendDlgItemMessageA
wsprintfA
ExitWindowsEx
SetWindowPos
EndDialog
GetWindowLongA
CallWindowProcA
GetDlgItem
ReleaseDC
GetWindowRect
CharNextA
MsgWaitForMultipleObjects
EnableWindow
DispatchMessageA
LoadStringA
MessageBoxA
SetForegroundWindow
ShowWindow
GetDC
PeekMessageA
SetDlgItemTextA
DialogBoxIndirectParamA
SetWindowLongA
GetDesktopWindow
SetWindowTextA
MessageBeep
CharPrevA
CharUpperA
ntdll
NtQueryObject
RtlEqualUnicodeString
RtlInitAnsiString
RtlCreateSecurityDescriptor
RtlInitUnicodeString
NtSetSecurityObject
NtQuerySecurityObject
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.edata Size: 117KB - Virtual size: 239KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ