Static task
static1
Behavioral task
behavioral1
Sample
331e4485f2a7c1f7b3740d691c313b13_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
331e4485f2a7c1f7b3740d691c313b13_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
331e4485f2a7c1f7b3740d691c313b13_JaffaCakes118
Size
394KB
MD5
331e4485f2a7c1f7b3740d691c313b13
SHA1
773d7c2a678391857f1ea64ef0ec8ef175caef17
SHA256
0d71851bb449c5eff1b28933c6529dd64766cbeaa76fd29579772ab9d245b1e7
SHA512
89433a4b82560667e2ae804a3cfa1fac06f18119c02f36f233a5113b0596e3cb5d05de7e4bbcc658d0f12f6ef9c880f1536c3298726ad76da567f73c0817ad24
SSDEEP
12288:PuKYQaJ6b+sCbe5hxRkMM5HsPISvVyPgD:PqQaJ6bRCbe5hwMMyA2o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 331e4485f2a7c1f7b3740d691c313b13_JaffaCakes118
Files
331e4485f2a7c1f7b3740d691c313b13_JaffaCakes118.exe windows:5 windows x86 arch:x86
bda8b304b223c4e76a85e486ca511c5f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
advapi32
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyW
kernel32
CreateIoCompletionPort
SetNamedPipeHandleState
ReadFile
GetLocalTime
SetEnvironmentVariableA
HeapReAlloc
GetSystemTimeAdjustment
LeaveCriticalSection
HeapDestroy
WaitForSingleObject
EnumSystemLanguageGroupsA
InterlockedFlushSList
GetStringTypeA
SetThreadPriority
GetCurrentDirectoryA
CreateFileMappingA
GetEnvironmentStringsA
SetThreadIdealProcessor
WriteFileGather
VirtualAllocEx
RtlMoveMemory
InterlockedPushEntrySList
GetCurrentProcess
HeapCreate
HeapSize
CompareStringA
GetSystemTimes
GetStringTypeExA
GetFirmwareEnvironmentVariableA
ExpandEnvironmentStringsA
CreateMutexA
lstrcpynA
WriteFileEx
GetThreadPriorityBoost
HeapAlloc
TryEnterCriticalSection
SystemTimeToFileTime
SetThreadAffinityMask
DecodePointer
GetSystemDefaultUILanguage
DisconnectNamedPipe
InitializeCriticalSection
GetFileAttributesA
EncodePointer
OpenThread
FreeEnvironmentStringsA
CreateNamedPipeA
lstrcmpiW
PostQueuedCompletionStatus
EnumLanguageGroupLocalesA
SetFirmwareEnvironmentVariableA
FlushViewOfFile
GetNamedPipeInfo
HeapFree
HeapWalk
HeapSetInformation
GetQueuedCompletionStatus
GetThreadContext
lstrcpyW
PeekNamedPipe
GetThreadTimes
GetSystemDefaultLangID
SetThreadUILanguage
CreateThread
CopyFileExA
TransactNamedPipe
HeapSummary
RegisterWaitForSingleObject
HeapCompact
SetFilePointer
GetSystemDefaultLCID
EnterCriticalSection
CreateFileA
lstrcatA
InterlockedExchangeAdd
CallNamedPipeA
GetUserDefaultLCID
DeleteCriticalSection
EnumSystemLocalesA
GetSystemTime
GetThreadPriority
OpenFileMappingA
GetTickCount
ConvertDefaultLocale
InterlockedPopEntrySList
MapViewOfFile
ConnectNamedPipe
ExitThread
SetThreadExecutionState
SetThreadPriorityBoost
UnmapViewOfFile
GetCurrentThreadId
user32
GetDesktopWindow
GetWindowRect
DispatchMessageW
DialogBoxParamW
LoadIconW
ReleaseDC
DefWindowProcW
SetCapture
KillTimer
CreateWindowExW
MessageBeep
PostQuitMessage
SetDlgItemInt
LoadBitmapW
TranslateAcceleratorW
EnableMenuItem
ShowCursor
EndPaint
msvcrt
isdigit
srand
_adjust_fdiv
_c_exit
exit
_exit
time
_cexit
Sections
.text Size: 235KB - Virtual size: 235KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 368KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ