330dab13b062eaf703efc6d20c0fbf0a_JaffaCakes118

General

Target

330dab13b062eaf703efc6d20c0fbf0a_JaffaCakes118
Size

224KB
MD5

330dab13b062eaf703efc6d20c0fbf0a
SHA1

7516293abfe728273a8f492b6c9e5b5f34b182c5
SHA256

6a0712601e91f390bef49234c49fec9c99bfe4ca71d52706edd86c3b859e3711
SHA512

193abcfefbf54930672027654bdf59c380d82e9bdcc5eeeea14d06e3aecbf32e825df5d71b4e34ceccd39f32bfb08a7e2a2ae8275409ff5b91cb1a47a1b127bb
SSDEEP

6144:yR8MiN6zKIVUGumSIHb7gVA1f1P/6Rir6:yR8Mis1VUxL27gViP/96

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
330dab13b062eaf703efc6d20c0fbf0a_JaffaCakes118

Files

330dab13b062eaf703efc6d20c0fbf0a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af186c8746244a7ed5f8f75239a95de1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsGetValue
VirtualAlloc
ResetEvent
GetCurrentThread
VirtualProtect
LoadLibraryA
OpenMutexA
GetProcAddress
GetModuleHandleA
GetExitCodeThread
HeapUnlock
WaitForMultipleObjects
GetPriorityClass
HeapReAlloc
GetProcessHeap
LocalReAlloc
GetLastError
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
HeapAlloc
GetCPInfo
GetOEMCP
GetLocaleInfoA
VirtualFree
GetACP
HeapFree
HeapCreate
GetSystemInfo
HeapDestroy
GetFileType
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

user32

IsWindowVisible
GetDesktopWindow
GetDC
GetCursorPos
LoadCursorA
GetWindow
SetTimer
ReleaseDC
CreateIcon
IsIconic
SetCursorPos
GetWindowRect
SetCursor
PostMessageA
LoadIconA
IsZoomed
EnumThreadWindows
InSendMessage

gdi32

PatBlt

psapi

GetWsChanges
EnumProcesses

msvfw32

DrawDibOpen
DrawDibRealize

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af186c8746244a7ed5f8f75239a95de1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

psapi

msvfw32

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 64KB - Virtual size: 62KB

.rsrc Size: 128KB - Virtual size: 124KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 64KB - Virtual size: 62KB

.rsrc
Size: 128KB - Virtual size: 124KB