36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118
Size

187KB
MD5

36644e0e2f9978ca12f1ac5e713d2889
SHA1

29d2b9d97ce41bb68df1121cd54a2170fc2c782a
SHA256

0a9be1d4052365bb249cd68e98dae1207885ea1db731248adc26ee551cbaa488
SHA512

2f00d8c046cf607b581624c944362c09e55f1fe4b4ca1683cdc6da6febb1617434c6a2c373009a43b91a4d6174d10462817f3d8630e72e12f20aea5dee6415cf
SSDEEP

3072:JXKgEUQ000kvZk3mT+Q3snJ/wDTPfPMoph9cI1kKy0Otgvjo4Tk0lU2GXxE9g337:5KgY0M4mTn3sJw33hF1Po4HlMxE9gHQ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118

Files

36644e0e2f9978ca12f1ac5e713d2889_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0c41ac90a4bb9ff870643f61482dfed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
GlobalLock
GlobalAlloc
CreateToolhelp32Snapshot
GlobalReAlloc
GlobalSize
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceA
LocalAlloc
LocalFree
CreateFileA
lstrcmpA
GetFileAttributesA
GetProcAddress
GetModuleFileNameA
GetTempPathA
DeleteFileA
CloseHandle
GetCurrentDirectoryA
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GlobalFree
GlobalUnlock
GetCurrentThread
lstrlenA
MulDiv
MultiByteToWideChar
FreeLibrary
RaiseException
LoadLibraryA
FormatMessageA
GetSystemDirectoryW
LoadLibraryExW
GetTickCount
GetLocaleInfoA
GetCPInfo
SetErrorMode
GetSystemDefaultLangID
GetVersion
lstrcmpiA
GetACP

user32

SetWindowLongA
DefWindowProcA
DestroyWindow
GetScrollPos
SetScrollRange
GetWindowLongA
GetParent
BringWindowToTop
GetScrollRange
UpdateWindow
ScrollWindow
SetScrollPos
GetClientRect
IntersectRect
OffsetRect
ShowCursor
MessageBeep
GetCapture
GetCursorPos
WindowFromPoint
SetCursor
SendMessageA
GetClassInfoExA

comctl32

PropertySheetA

comdlg32

GetOpenFileNameA
ChooseFontA
GetSaveFileNameA
CommDlgExtendedError

advapi32

RegQueryValueExW
RegEnumValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW

ole32

OleUninitialize
BindMoniker
CoCreateInstance
OleInitialize
CoGetMalloc
StringFromGUID2

shlwapi

wnsprintfA

oleaut32

DispGetIDsOfNames
DispGetIDsOfNames
VarUI4FromDec
SetErrorInfo

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0c41ac90a4bb9ff870643f61482dfed

Headers

File Characteristics

Imports

kernel32

user32

comctl32

comdlg32

advapi32

ole32

shlwapi

oleaut32

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 316B

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 316B