30797f49c7a7d4bf4c38206800aaf1dd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30797f49c7a7d4bf4c38206800aaf1dd_JaffaCakes118
Size

668KB
MD5

30797f49c7a7d4bf4c38206800aaf1dd
SHA1

5fda012e9b3c87660f0865f85190ec922071d3a7
SHA256

1dbf657dd7847aad0325dcdc61bf03a98f8b1823e7853ea9b3cc57dc7bf05702
SHA512

762dcf89561463ba4ca518872626e18fda4ea14dfcd7a3410668b35b4cca46623a34ab81af4d4e31e40f77b7a5e45e0aea77333a38919163ae6fb8af1d14a85c
SSDEEP

12288:cmb7MQuME0Xm3I5ktDry1psDOiJW0yjNGg202jcMTyzmG:cquYXm3UktD26pJLqfhCG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30797f49c7a7d4bf4c38206800aaf1dd_JaffaCakes118

Files

30797f49c7a7d4bf4c38206800aaf1dd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de62f4c3a5424839a96dac26caad1f63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadCursorW
DefDlgProcW
SendNotifyMessageA
IsCharUpperA
OemToCharBuffA
SwapMouseButton
SetDoubleClickTime
TabbedTextOutW
NotifyWinEvent
WindowFromDC
RegisterClassExA
RegisterClassA
CharUpperBuffA
SetActiveWindow
DdeQueryStringW
EnumDisplaySettingsA
InflateRect
EnumClipboardFormats
GetClipboardFormatNameA
SetWindowPos

comctl32

InitCommonControlsEx

kernel32

WriteConsoleOutputA
TlsFree
GetEnvironmentStringsW
GetModuleFileNameW
WriteConsoleA
MultiByteToWideChar
CreateMutexA
GetDateFormatA
GetConsoleMode
UnhandledExceptionFilter
SetConsoleCtrlHandler
GetCPInfo
HeapCreate
GetTimeZoneInformation
GetModuleHandleW
VirtualFree
DeleteCriticalSection
HeapSize
GetStdHandle
InterlockedExchange
FlushViewOfFile
FreeLibrary
TransactNamedPipe
GetFileType
GetPrivateProfileSectionNamesA
FoldStringA
HeapAlloc
SetFilePointer
EnterCriticalSection
GetProcAddress
SetUnhandledExceptionFilter
SetStdHandle
SetConsoleTitleA
CloseHandle
GetStringTypeW
SetHandleCount
GetLocaleInfoA
IsDebuggerPresent
VirtualQuery
SetEnvironmentVariableA
lstrlen
SystemTimeToFileTime
GetCurrentThreadId
TerminateProcess
GetACP
LoadLibraryA
WriteConsoleW
ExitProcess
FlushFileBuffers
GetLastError
CreateFileA
InterlockedIncrement
GetNumberFormatW
HeapFree
InitializeCriticalSectionAndSpinCount
HeapDestroy
IsValidCodePage
VirtualAlloc
CompareStringA
OpenMutexA
WriteFile
CreateFileW
QueryPerformanceCounter
InterlockedDecrement
TlsGetValue
Sleep
GetUserDefaultLCID
LeaveCriticalSection
LCMapStringW
GetModuleHandleA
GetSystemTimeAsFileTime
RtlUnwind
WideCharToMultiByte
GetFullPathNameA
SetLastError
GetCurrentProcessId
CommConfigDialogW
GetModuleFileNameA
LCMapStringA
ReadFile
GetCommandLineA
GetConsoleOutputCP
HeapReAlloc
EnumSystemLocalesA
GetVolumeInformationW
CompareStringW
GetStringTypeA
GetTimeFormatA
GetCurrentProcess
GetLocaleInfoW
GetStartupInfoA
GetCurrentThread
TlsSetValue
GetOEMCP
FreeEnvironmentStringsW
GetStartupInfoW
GetProfileStringW
GetTickCount
GetConsoleCP
GetCommandLineW
TlsAlloc
IsValidLocale

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de62f4c3a5424839a96dac26caad1f63

Headers

File Characteristics

Imports

user32

comctl32

kernel32

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 10KB - Virtual size: 28KB

.data Size: 324KB - Virtual size: 324KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 10KB - Virtual size: 28KB

.data
Size: 324KB - Virtual size: 324KB

.rsrc
Size: 4KB - Virtual size: 4KB