317d63bc00016ad171bc0bd3111cafb4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

317d63bc00016ad171bc0bd3111cafb4_JaffaCakes118
Size

202KB
MD5

317d63bc00016ad171bc0bd3111cafb4
SHA1

043cbade971840fb99e7fea782c80b1768ccb002
SHA256

1bc549af6b29eb663f5a07525233b533f4f1ee68c8d1d0312f60794a534aa6c7
SHA512

08d5db0b0b99773a5f88241586d5288009b9f2257e51c1b9464a72eb1614079f39f7d93e0272ca39d6b6ece9a41d66b11b3916e072e2bea48e8bbcef9c6fa69c
SSDEEP

6144:uMHqn92BU3FPm4c5QFKr6yr3RDvsm3kfXbz:6n9Hhnw92yr3xvO/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317d63bc00016ad171bc0bd3111cafb4_JaffaCakes118

Files

317d63bc00016ad171bc0bd3111cafb4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e87bb4ca2b6e0e8997b120074833bebf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDlgItemTextA
GetDC
CharNextA
SetWindowPos
wsprintfA
EnableWindow
ShowWindow
PeekMessageA
SendMessageA
GetDesktopWindow
SetWindowLongA
SetWindowTextA
ExitWindowsEx
GetDlgItem
GetWindowRect
MsgWaitForMultipleObjects
SendDlgItemMessageA
CallWindowProcA
CharPrevA
MessageBoxA
EndDialog
LoadStringA
CharUpperA
SetForegroundWindow
DialogBoxIndirectParamA
SetDlgItemTextA
DispatchMessageA
MessageBeep
ReleaseDC
GetWindowLongA

kernel32

RemoveDirectoryW
GetSystemTime
CreateSemaphoreA
GetCurrentThreadId
CreateProcessA
CompareStringA
DeviceIoControl
GetPrivateProfileIntW
EnumSystemLanguageGroupsA
HeapFree
MulDiv
lstrcatA
SetHandleInformation
lstrcmpiA
HeapAlloc
CreateMutexA
CloseHandle
FindFirstFileW
SizeofResource
LockResource
DeleteFileW
FindClose
GetLastError
ReleaseMutex
GetTempFileNameW
GetSystemDirectoryW
GetUserDefaultLangID
GetFileAttributesW
lstrlenA
ResetEvent
GetStartupInfoA
GetVersionExA
VirtualFree
ReleaseSemaphore
FindNextFileW
QueryPerformanceCounter
GetFileSize
CreateFileA
FormatMessageA
SetFilePointer
SetEndOfFile
GetWindowsDirectoryA
GetPrivateProfileStringW
SetLastError
ReadFile
GetThreadLocale
FindResourceW
SetFileAttributesA
InterlockedDecrement
CreateDirectoryW
GetProcessHeap
IsBadReadPtr
IsValidCodePage
InterlockedIncrement
lstrcpynA
GetTickCount
MultiByteToWideChar
LCMapStringA
LoadResource
GetSystemDefaultLangID

gdi32

CreateFontIndirectA
GetObjectA
DeleteObject
GetStockObject

advapi32

CryptDestroyHash
RegOpenKeyExA
CryptGetHashParam
CryptAcquireContextA
RegCloseKey
CryptCreateHash
CryptHashData
RegQueryValueExA

ntdll

NtSetSecurityObject
RtlInitAnsiString
NtQueryObject
NtQuerySecurityObject
RtlEqualUnicodeString
RtlCreateSecurityDescriptor
RtlInitUnicodeString

ole32

CreateDataCache
CLSIDFromProgID
OleInitialize
CoCreateInstance

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e87bb4ca2b6e0e8997b120074833bebf

Headers

File Characteristics

Imports

user32

kernel32

gdi32

advapi32

ntdll

ole32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 97KB

.rsrc Size: 7KB - Virtual size: 6KB

.rdata Size: 170KB - Virtual size: 255KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 97KB

.rsrc
Size: 7KB - Virtual size: 6KB

.rdata
Size: 170KB - Virtual size: 255KB