31431ffc790120bf802f8fa86db85a76_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31431ffc790120bf802f8fa86db85a76_JaffaCakes118
Size

104KB
MD5

31431ffc790120bf802f8fa86db85a76
SHA1

5f3c192e94cf679c528f601d619a274a09bf61a1
SHA256

b0266118a03a227eb8a489294c7459349ee921c4842756c37ea111259f3df0d3
SHA512

9766b6e8bd248abd66321c185919b8f33aa0b6325a8616dac9941e5f03ef9b0d26747851e05cdcc6b1bdbe432c28a98235a66ed0f76aff1435e0f474888d2233
SSDEEP

3072:slz1tS5WcybyoB2KkUDGkuUgoh96ArBW:P5CJBXhluU/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31431ffc790120bf802f8fa86db85a76_JaffaCakes118

Files

31431ffc790120bf802f8fa86db85a76_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c42585af9aeb7240ec16d23cb79105c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetProcAddress
FreeLibrary
CreateMutexA
CreateMutexW
OpenMutexA
OpenMutexW
ReleaseMutex
SetConsoleTitleA
SetConsoleTitleW
GetCurrentProcessId
CreateThread
SetEvent
WaitForSingleObject
DeleteFileW
GetTempFileNameW
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
LCMapStringW
LCMapStringA
GetLocaleInfoW
SetStdHandle
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
SetFilePointer
VirtualAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
RaiseException
GetEnvironmentStringsW
GetEnvironmentStrings
LoadLibraryW
LoadLibraryA
GetVersionExA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetSystemDirectoryW
GetSystemDirectoryA
CloseHandle
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
CreateFileW
CreateFileA
OpenEventW
OpenEventA
SetLastError
CreateEventW
GetLastError
CreateEventA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetUserDefaultLCID
EnumSystemLocalesA
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA

user32

GetWindowThreadProcessId
ShowWindow
EnableWindow
keybd_event
GetForegroundWindow
GetFocus
SetWindowPos
SystemParametersInfoW
SetForegroundWindow
BringWindowToTop
SetActiveWindow
SetFocus
SendMessageA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
MessageBoxW
MessageBoxA
GetDesktopWindow
IsWindowUnicode
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
SendMessageW

advapi32

RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegCloseKey
DeleteService
QueryServiceStatus
ControlService
ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CreateServiceW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

shell32

ShellExecuteW
ShellExecuteA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c42585af9aeb7240ec16d23cb79105c7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 4KB - Virtual size: 1008B

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 4KB - Virtual size: 1008B