3556ae598c944ef0bca72cb352285151_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3556ae598c944ef0bca72cb352285151_JaffaCakes118
Size

382KB
MD5

3556ae598c944ef0bca72cb352285151
SHA1

bc53a2c88730a63b9fce57d35a621b06df528aea
SHA256

d6b103819fb88523c34b5154836b13ac80a9097ea21160797a9a685c5c4aef95
SHA512

b18f6becbc733ff6ae4becee321c7f27fbf7ffc37444f46e03403b971c22f6be21174717f6848c16e9bc17ae166ab584ea4482a49e264138109a98b858458203
SSDEEP

3072:ao04fIGTr3hUvF7VoScZCfw8MV7dOMxqCuoIT9Lo6ZtjwtohmMY1hHv1g/bTR97l:xIT9LoSE/HvqTmTxXCOaPpb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3556ae598c944ef0bca72cb352285151_JaffaCakes118

Files

3556ae598c944ef0bca72cb352285151_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9880ca0a634bfa19163a3c703f24b519

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
SelectObject

kernel32

AddAtomA
Beep
CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
ExitProcess
ExitThread
FileTimeToSystemTime
FindAtomA
FindClose
FindFirstFileA
FindNextFileA
GetAtomNameA
GetCommandLineA
GetDriveTypeA
GetExitCodeProcess
GetModuleHandleA
GetStartupInfoA
GetTickCount
LoadLibraryA
OpenProcess
Process32Next
SetUnhandledExceptionFilter
Sleep
TerminateProcess
WinExec
WriteFile

msvcrt

_sleep
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
fclose
fflush
fopen
fprintf
fputs
fread
free
fwrite
malloc
memcmp
memcpy
memset
rand
signal
sprintf
sscanf
strcmp
strcpy
strlen
strstr

shell32

ShellExecuteA

user32

CallNextHookEx
CreateWindowExA
DestroyWindow
DispatchMessageA
FindWindowA
FindWindowExA
GetDC
GetDesktopWindow
GetDlgItem
GetKeyNameTextA
GetMessageA
GetSystemMetrics
LoadBitmapA
MessageBeep
MessageBoxA
SendMessageA
SetCursorPos
SetWindowsHookExA
ShowWindow
SystemParametersInfoA
TranslateMessage
UnhookWindowsHookEx
UpdateWindow
keybd_event

winmm

PlaySoundA
mciSendStringA

ws2_32

WSACleanup
WSASocketA
WSAStartup
accept
bind
closesocket
htons
listen
recv
select
send
shutdown

Exports

Exports

KeyEvent@12

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 77B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

RCrypter
Size: 83B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9880ca0a634bfa19163a3c703f24b519

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

shell32

user32

winmm

ws2_32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 15KB - Virtual size: 15KB

.bss Size: - Virtual size: 1KB

.edata Size: 512B - Virtual size: 77B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 295KB - Virtual size: 294KB

.reloc Size: 1024B - Virtual size: 1008B

RCrypter Size: 83B - Virtual size: 4KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 15KB - Virtual size: 15KB

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 77B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 295KB - Virtual size: 294KB

.reloc
Size: 1024B - Virtual size: 1008B

RCrypter
Size: 83B - Virtual size: 4KB