3203d1538ff04a61c158c761a2ff42ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3203d1538ff04a61c158c761a2ff42ce_JaffaCakes118
Size

418KB
MD5

3203d1538ff04a61c158c761a2ff42ce
SHA1

aaf254115f84344d6bb59a518dc20a01531e9769
SHA256

6d87d9a2bf282c089d30c85b46f2000e38359f503d37a650e0f64be2030a9ae1
SHA512

4726566a348e781c3e524806dc8ffe7d115defb986635cc5e12feb2881a9445a9cc086ffcd00f568d0ef848feb2a7d2862198be5bdcbf9a8c4daf73b38e58fc6
SSDEEP

12288:d4mdRFRvFA1POpRipUWmcsJCGHa3q3+h9x+HvqeVLZwS7k:emXHe2esLHaaGr+P/rm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3203d1538ff04a61c158c761a2ff42ce_JaffaCakes118

Files

3203d1538ff04a61c158c761a2ff42ce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82c4ea4642cc66b6e049f03ee817059f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegCreateKeyA
CreateServiceW
CryptVerifySignatureW
RegEnumValueW
LookupSecurityDescriptorPartsA
RegFlushKey
CryptHashSessionKey
CryptGenRandom
LookupAccountSidA
RegReplaceKeyA

comdlg32

GetFileTitleA
FindTextA
GetOpenFileNameW
PrintDlgA
ChooseColorA
PageSetupDlgA
ReplaceTextW
LoadAlterBitmap

gdi32

GetPixel
ChoosePixelFormat
PolyDraw
SetTextColor
CreateFontIndirectW
GetRandomRgn
SetTextJustification

shell32

ExtractAssociatedIconExW
DragFinish
SHEmptyRecycleBinW
RealShellExecuteW
ExtractIconA
RealShellExecuteExW
ShellExecuteExA
ExtractIconEx
DragQueryPoint
SHFormatDrive
SHFileOperationA
SHBrowseForFolderW
SHGetSettings
SHAddToRecentDocs
SHGetFileInfoW
SHLoadInProc
ShellAboutA
FindExecutableW
SHGetPathFromIDList
SHBrowseForFolder

kernel32

LCMapStringW
SetConsoleTitleW
VirtualFree
VirtualAlloc
GetStartupInfoW
GetUserDefaultLCID
IsBadWritePtr
CompareStringA
InterlockedExchange
GetOEMCP
HeapDestroy
TlsFree
InterlockedCompareExchange
GetModuleHandleA
GetCPInfo
VirtualQuery
HeapCreate
TlsAlloc
GetProcAddress
GetCommandLineA
GetTimeZoneInformation
FreeEnvironmentStringsW
FreeEnvironmentStringsA
HeapReAlloc
SetEnvironmentVariableA
HeapSize
GetLastError
GetCurrentThread
EnumSystemLocalesA
HeapFree
GetSystemTimeAsFileTime
GetACP
GetFileTime
WriteFile
GetFileType
InitializeCriticalSection
LCMapStringA
GlobalAlloc
SetTimeZoneInformation
IsValidCodePage
TlsSetValue
SetFileTime
GetLocaleInfoA
GetPrivateProfileSectionW
LeaveCriticalSection
SetHandleCount
GetLocaleInfoW
GetStringTypeW
MultiByteToWideChar
SetThreadContext
GetCurrentProcessId
SetLastError
LoadLibraryA
LocalUnlock
GetMailslotInfo
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetFileSize
TerminateProcess
EnumResourceTypesA
TlsGetValue
GetCommandLineW
EnumSystemCodePagesA
GetCurrentThreadId
GetSystemInfo
DeleteCriticalSection
GetCurrentProcess
GetTimeFormatA
RtlUnwind
WideCharToMultiByte
HeapAlloc
CompareStringW
CreateDirectoryA
GetDateFormatA
GetModuleFileNameW
GetStdHandle
GetModuleFileNameA
GetStringTypeA
ExitProcess
GetStartupInfoA
VirtualProtect
SetSystemTime
GetVersionExA
EnterCriticalSection
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82c4ea4642cc66b6e049f03ee817059f

Headers

File Characteristics

Imports

advapi32

comdlg32

gdi32

shell32

kernel32

Sections

.text Size: 133KB - Virtual size: 132KB

.data Size: 273KB - Virtual size: 272KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 133KB - Virtual size: 132KB

.data
Size: 273KB - Virtual size: 272KB

.rsrc
Size: 11KB - Virtual size: 10KB