291aa24f16cd0aa3c5061f4a5c653d0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

291aa24f16cd0aa3c5061f4a5c653d0c_JaffaCakes118
Size

645KB
MD5

291aa24f16cd0aa3c5061f4a5c653d0c
SHA1

8737bd89c48803be15a4f9f2ede689f5afb858fe
SHA256

ac4efdcd7d325058146565437feffee6950739459d1de52ad99963c900ecefe5
SHA512

bbd69055a9fd9d1b294542db3b2813686aa717221c88e65b67a089268bef9a0adeddb6bf76e9a2bf42bc7a0f6b8a9f1737bdb2fdfd63b0a36659d59465aa34c4
SSDEEP

12288:TLK2vG2cMnpUy8WSlOK3j6DopP6+27qLIuePU:TuJ2cMnpUjj6EpOqLMPU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291aa24f16cd0aa3c5061f4a5c653d0c_JaffaCakes118

Files

291aa24f16cd0aa3c5061f4a5c653d0c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d7ad8cebf4559dd42f5fce3e9b930a49

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
SwitchToFiber
_hread
OpenMutexA
ConnectNamedPipe
GetConsoleMode
DuplicateHandle
SetHandleCount
GetDriveTypeA
VirtualAllocEx
GetFullPathNameA
SetFileTime
PrepareTape
CreateWaitableTimerA
CreateDirectoryW
SetThreadAffinityMask
lstrcatW
GetCurrentProcess
GetFileType
GetConsoleCursorInfo
GetBinaryTypeA
GlobalFree
EnumResourceNamesW
FindResourceExW
ReadFile
FreeLibraryAndExitThread
SetNamedPipeHandleState
EnumSystemCodePagesW
MoveFileExA
ReleaseMutex
LeaveCriticalSection
ScrollConsoleScreenBufferA
lstrcmpA
VirtualFree
FindFirstFileW
ExitProcess
CreatePipe
FindFirstFileA
SetConsoleActiveScreenBuffer
FreeLibrary
SetProcessAffinityMask
GetSystemTimeAdjustment
CreateFileW
SearchPathW
AreFileApisANSI

comdlg32

ChooseColorA
PageSetupDlgW

user32

SetWindowPlacement
CharLowerBuffA
LoadStringW
InflateRect
ModifyMenuW
ScrollWindow
CreateDialogIndirectParamW
TileWindows
GetDC
MapVirtualKeyW
IsCharAlphaW
IsCharLowerA
VkKeyScanA
PeekMessageA
GetSystemMenu
WindowFromPoint
SendNotifyMessageA
CharUpperBuffW
GetClipboardOwner
PostThreadMessageW
GetMonitorInfoW
SetWindowTextW
PtInRect
HiliteMenuItem
UnregisterHotKey
EnumWindowStationsW

ws2_32

getprotobyname
WSANtohs
WSAEnumNetworkEvents
WSAInstallServiceClassW
WSAEnumProtocolsW
shutdown

advapi32

GetFileSecurityA
RegSaveKeyW
CryptGetUserKey
RegRestoreKeyW
CopySid
GetServiceDisplayNameA
OpenProcessToken

comctl32

ImageList_GetDragImage

ole32

OleCreateLink
CoGetTreatAsClass

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7ad8cebf4559dd42f5fce3e9b930a49

Headers

File Characteristics

Imports

kernel32

comdlg32

user32

ws2_32

advapi32

comctl32

ole32

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 326KB - Virtual size: 325KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 326KB - Virtual size: 325KB

.rsrc
Size: 10KB - Virtual size: 9KB