36337659c6864397a8c426a68d6604ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36337659c6864397a8c426a68d6604ab_JaffaCakes118
Size

478KB
MD5

36337659c6864397a8c426a68d6604ab
SHA1

a1d94238a70a3f63405d488c703d269455b0588a
SHA256

1b0f3143061b7dba3b94aadbb8b72d1a932f00e2679153fcaab9fdfcdd154062
SHA512

d6af52b8f59f3bf60938f0eb8c4ec2e5d130715d08150aba5cdf2aee76a8a4bb5c747054e3e8f03fedf2519b88216a05fb9fd7320012e153a0f23588c1211b14
SSDEEP

12288:+9cdKDbGb/ACBaYNNlcrMyfGPTrRWWrtcdg1:+aCHCVTla90VWWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36337659c6864397a8c426a68d6604ab_JaffaCakes118

Files

36337659c6864397a8c426a68d6604ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

648a21506c30908a58b432f6820f03c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumWindowStationsA
EnumDisplaySettingsExW
GetAsyncKeyState
InflateRect
ModifyMenuA
WaitForInputIdle
ShowScrollBar
RegisterClassExA
RegisterClassA
EnumDesktopWindows
DdeCreateStringHandleW
RedrawWindow

advapi32

CryptSetProviderW
LookupAccountSidA
RegSetValueW
CryptCreateHash
CryptGenRandom
RegCreateKeyW
CryptSignHashW
RegSaveKeyA
CryptEnumProviderTypesW

kernel32

LeaveCriticalSection
GetProcAddress
GetEnvironmentStrings
HeapFree
VirtualQuery
GetSystemTimeAsFileTime
InitializeCriticalSection
GetFileType
GetTimeZoneInformation
FlushFileBuffers
EnterCriticalSection
HeapCreate
LoadLibraryA
CompareStringA
UnhandledExceptionFilter
GetSystemTime
GetStartupInfoA
FreeEnvironmentStringsW
SetFilePointer
MultiByteToWideChar
GetStringTypeA
QueryPerformanceCounter
GetOEMCP
GetCurrentProcess
GetModuleHandleA
GetCurrentProcessId
CreateMutexA
VirtualAlloc
GetCurrentThreadId
TlsAlloc
LCMapStringW
DeleteCriticalSection
HeapAlloc
HeapReAlloc
SetHandleCount
TlsSetValue
GetLastError
InterlockedExchange
SetLastError
GetVersion
TlsGetValue
SetStdHandle
GetTickCount
GetLocalTime
CloseHandle
ReadFile
GetCPInfo
ExitProcess
LCMapStringA
VirtualFree
GetModuleFileNameA
GetStdHandle
GetCurrentThread
HeapDestroy
OpenMutexA
GetCommandLineA
GetEnvironmentStringsW
IsBadWritePtr
GetACP
WriteFile
FreeEnvironmentStringsA
InterlockedDecrement
TlsFree
WideCharToMultiByte
InterlockedIncrement
GetVolumeInformationW
SetEnvironmentVariableA
TerminateProcess
GetStringTypeW
GetLogicalDriveStringsA
CompareStringW
RtlUnwind

comdlg32

FindTextA
LoadAlterBitmap

comctl32

InitCommonControlsEx

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

648a21506c30908a58b432f6820f03c1

Headers

File Characteristics

Imports

user32

advapi32

kernel32

comdlg32

comctl32

Sections

.text Size: 154KB - Virtual size: 153KB

.rdata Size: 4KB - Virtual size: 30KB

.data Size: 309KB - Virtual size: 309KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 154KB - Virtual size: 153KB

.rdata
Size: 4KB - Virtual size: 30KB

.data
Size: 309KB - Virtual size: 309KB

.rsrc
Size: 10KB - Virtual size: 9KB