27999f6111006141d8e53bfb29726ec8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27999f6111006141d8e53bfb29726ec8_JaffaCakes118
Size

544KB
MD5

27999f6111006141d8e53bfb29726ec8
SHA1

fda539b4749bfc0192c57a27dad6703f22b660cb
SHA256

0e60a88015fa8a820f96ad0c9a67ec6d163ff070ee561c2d06f3781eb88d2691
SHA512

c15d617f35e3b8521bfb5ea0b4199de7584556e0bc75d8f23cae8bf1888761db48821fb4fc3a1886cff4cd53e5b201521573b5919a45064dbac13c1ccf0b36d8
SSDEEP

12288:0k9gr38dpVDj6X04UrDFtwQzyNc7zBbsNDDY3v+:0k83c1+04kDHwOVHBnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27999f6111006141d8e53bfb29726ec8_JaffaCakes118

Files

27999f6111006141d8e53bfb29726ec8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76299768ed38741957bf229b9e96484d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MapWindowPoints
IsCharLowerA
DestroyWindow
RegisterClassA
OpenWindowStationW
MessageBoxW
AttachThreadInput
IsCharAlphaA
LoadStringW
GetForegroundWindow
RegisterClassExA
GetWindowWord
CopyAcceleratorTableW
UpdateWindow
DefWindowProcW
ChildWindowFromPointEx
ShowWindow
SetUserObjectInformationW
SetWindowWord
CreateWindowExW
DragObject
CreateDialogIndirectParamW
CallWindowProcA
IntersectRect
SetWindowsHookExW
IsChild
ScreenToClient
DrawAnimatedRects
GetTitleBarInfo
SetClipboardViewer
IsCharUpperA
EndTask
GetMenuContextHelpId
GetDC

comctl32

CreateStatusWindowW
InitCommonControlsEx

kernel32

InitializeCriticalSection
WriteFile
WideCharToMultiByte
TryEnterCriticalSection
DeleteCriticalSection
VirtualAlloc
GetLastError
GetTimeFormatA
LoadLibraryA
EnterCriticalSection
IsBadWritePtr
SetEnvironmentVariableA
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
HeapDestroy
GetTickCount
GetLocaleInfoA
IsValidLocale
GlobalFindAtomW
VirtualProtect
LCMapStringW
GetFileType
GetStartupInfoA
SetHandleCount
GetEnvironmentStringsW
UnhandledExceptionFilter
GetFileTime
TlsGetValue
EnumSystemLocalesA
GetCurrentProcessId
FreeEnvironmentStringsW
FlushFileBuffers
GetCurrentThreadId
GetSystemInfo
GetStringTypeA
CreateFileMappingW
MultiByteToWideChar
VirtualFree
ReadConsoleInputW
CompareStringW
GetNamedPipeHandleStateW
GetDiskFreeSpaceW
LeaveCriticalSection
FreeEnvironmentStringsA
SetLastError
HeapReAlloc
RtlUnwind
GetACP
GetDateFormatA
TlsAlloc
GetVersionExA
Sleep
GetModuleFileNameA
CompareStringA
CloseHandle
GetProcessHeaps
HeapFree
GetCurrentThread
QueryPerformanceCounter
GetOEMCP
TlsFree
InterlockedExchange
SetFilePointer
LCMapStringA
GetCommandLineA
ReadFile
CreateMutexA
HeapSize
GetEnvironmentStrings
GetLocaleInfoW
ExitProcess
GetTimeZoneInformation
OpenMutexA
HeapAlloc
GetModuleHandleA
GetStdHandle
GetStringTypeW
SetStdHandle
GetProcAddress
GetCPInfo
TlsSetValue
HeapCreate
GetCurrentProcess
GetUserDefaultLCID
IsValidCodePage

advapi32

CryptDecrypt
CryptEnumProvidersW
RegDeleteKeyW
CryptGetUserKey
RegNotifyChangeKeyValue
RegCreateKeyW
CryptGetProvParam
CryptGetDefaultProviderW
InitializeSecurityDescriptor
CryptSetProviderExA
AbortSystemShutdownW

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76299768ed38741957bf229b9e96484d

Headers

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 104KB - Virtual size: 131KB

.rsrc Size: 92KB - Virtual size: 90KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 104KB - Virtual size: 131KB

.rsrc
Size: 92KB - Virtual size: 90KB