313f0a6182e2d699e37f59565601f535_JaffaCakes118

General

Target

313f0a6182e2d699e37f59565601f535_JaffaCakes118
Size

602KB
MD5

313f0a6182e2d699e37f59565601f535
SHA1

ca3526d09eb045e57bbdab626760b6583f32c6a8
SHA256

86b5656036ab82b17910cf5c63389e56f675db54bdbc496c673bbd575e6a8492
SHA512

dc01d51ee1e6841927c61b635cbc7f85559802149987015ae94559582361e07c428638080d628d06a0eda8cbe6d308beead41da3d650c0e2f44d65e366cc287c
SSDEEP

12288:H20gyfgw2ZKbPt20gyfgw2ZKbPt20gyfgw2ZKbPt20gyfgw2ZKbP:H20gyfX2ZeV20gyfX2ZeV20gyfX2ZeVh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
313f0a6182e2d699e37f59565601f535_JaffaCakes118

Files

313f0a6182e2d699e37f59565601f535_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0296f058932bb260bc0df9edb126b559

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA

ws2_32

send
connect

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??3@YAXPAX@Z
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
_except_handler3
rand
strlen
atoi
memcpy
memset
strtok
strcpy
??2@YAPAXI@Z
strcmp
getenv
strcat

kernel32

GetStartupInfoA
ReadConsoleA
WriteConsoleA
VerLanguageNameA
AllocConsole
CloseHandle
lstrcmpiA
GetCurrentProcess
GetModuleHandleA
ReadProcessMemory
Sleep
GetModuleFileNameW
lstrlenW
WriteProcessMemory
GetCommandLineA
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
lstrcpyA
CreateMutexA
GetLastError
lstrcmpA
lstrcatA
CreateThread
WaitForSingleObject
ExitProcess
lstrlenA
GetProcAddress

user32

GetWindowLongA
TranslateMessage
DialogBoxParamA
LoadMenuA
CallWindowProcA
GetSubMenu
ShowWindow
RegisterClassExA
MessageBoxW
MessageBoxA

gdi32

StretchBlt
SelectPalette
GetFontData
CreateCompatibleDC
SetBkMode
TextOutA

comdlg32

ChooseFontA
PrintDlgA

shell32

ShellExecuteExA
Shell_NotifyIconA
SHGetFileInfoA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0296f058932bb260bc0df9edb126b559

Headers

File Characteristics

Imports

version

ws2_32

msvcrt

kernel32

user32

gdi32

comdlg32

shell32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 47KB - Virtual size: 50KB

.rsrc Size: 83KB - Virtual size: 83KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 47KB - Virtual size: 50KB

.rsrc
Size: 83KB - Virtual size: 83KB