35df4da593f0e6dbf1520b42d93c24d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

35df4da593f0e6dbf1520b42d93c24d7_JaffaCakes118
Size

169KB
MD5

35df4da593f0e6dbf1520b42d93c24d7
SHA1

2e1de9b71ebda0b6eb537daf0d351bc3da21952d
SHA256

4472353711886bebe953005059df79f7b6a971183f9a72f6c2827ced7343f65e
SHA512

df003fc1118a9ce5e97f69273eb6e244c7fd2e32fabee9a9a629e97c0e187ba45a159a9a3a80bf6653a1215e726b3019cac4207bac489c5dac4cd6a85e3354d0
SSDEEP

3072:Y8pozB+B4MCVc52FbxAfddXhbSByeXiVrBGTmE1H1L5uS+m43+ku/:Y8poz0iMgc52QddXhbSGrIH1L5uSk3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
35df4da593f0e6dbf1520b42d93c24d7_JaffaCakes118

Files

35df4da593f0e6dbf1520b42d93c24d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad9764a2aa3f6639cc9b172ffa05667d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegEnumKeyExA

kernel32

GetCurrentProcessId
LoadLibraryA
ReleaseMutex
CreateThread
DeleteCriticalSection
LeaveCriticalSection
FindResourceA
TerminateThread
GetTapeParameters
VirtualFree
SetThreadPriority
GetACP
MultiByteToWideChar
GetSystemTime
EnterCriticalSection
GetTickCount
CreateEventA
GetThreadPriority
Sleep
LockResource
ClearCommError
WaitForMultipleObjects
QueryPerformanceCounter
CreateFileW
ResumeThread
GetProcessHeap
GetModuleFileNameW
EnumResourceNamesA
GetSystemTimeAsFileTime
IsBadWritePtr
CreateMutexA
ResetEvent
LoadLibraryW
ReleaseSemaphore
LocalFree
LoadResource
WaitForSingleObject
GetProcAddress
IsBadReadPtr
SetEvent
VirtualAlloc
GetLastError
FatalExit
InitializeCriticalSection
CloseHandle
GetModuleFileNameA
GetCurrentThread
GetSystemInfo
lstrlenA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
CreateSemaphoreA
WideCharToMultiByte
InterlockedDecrement
HeapFree
InterlockedIncrement
FreeLibrary
DisableThreadLibraryCalls
GetExitCodeThread
ExitProcess

quartz

AMGetErrorTextW

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoRevokeClassObject
CreateItemMoniker
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
StringFromCLSID
CoUninitialize
CoInitialize
CoInitializeEx
GetRunningObjectTable
CoRegisterClassObject
CoTaskMemAlloc

shell32

SHGetSpecialFolderPathA

user32

RegisterWindowMessageA
GetMessageA
wsprintfA
CopyRect
MsgWaitForMultipleObjects
LoadStringA
GetQueueStatus
DispatchMessageA
PeekMessageA
CreateWindowExA
wvsprintfA
PostThreadMessageA
RegisterClassA
MonitorFromWindow
DestroyWindow

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad9764a2aa3f6639cc9b172ffa05667d

Headers

File Characteristics

Imports

advapi32

kernel32

quartz

winmm

ole32

shell32

user32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 44KB - Virtual size: 44KB

.lib Size: 512B - Virtual size: 88KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 44KB - Virtual size: 44KB

.lib
Size: 512B - Virtual size: 88KB