4203e7f9608803b69e9e85023c967e2b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4203e7f9608803b69e9e85023c967e2b_JaffaCakes118
Size

176KB
MD5

4203e7f9608803b69e9e85023c967e2b
SHA1

c62878e6c580ff41bbb57eea775f4e20da1eee40
SHA256

1de23c044d84530d47c29b200fde30cd164e14f85d9191d287521bf520263efb
SHA512

30cb87cf96f0018c10f5046ab8f95308c00f1232b2981291021f76441457cb08ed26dbd26fb0bde1d7b6f338069686de0d0b7fd127be792c9f03f3f8f3715fa0
SSDEEP

3072:Wyr+AVNd0irR9hwo2gdCufxwNfbIUdoFM:z+qd0ibDAufiKUA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4203e7f9608803b69e9e85023c967e2b_JaffaCakes118

Files

4203e7f9608803b69e9e85023c967e2b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95fa670205cbc9131ca74a57dcb6e472

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CreateClassMoniker
CoInitializeEx
GetRunningObjectTable
CoRevokeClassObject
CoRegisterClassObject
CoUninitialize

version

GetFileVersionInfoA
VerQueryValueA

kernel32

LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
SetEvent
LocalLock
OpenEventA
TerminateThread
WaitForSingleObject
SuspendThread
ResumeThread
FormatMessageA
ResetEvent
WaitForMultipleObjects
LocalFree
LocalUnlock
FindFirstChangeNotificationA
FindCloseChangeNotification
GetExitCodeThread
ReleaseMutex
CreateMutexA
GetDriveTypeA
WideCharToMultiByte
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemInfo
GetVersion
GetVersionExA
FindNextChangeNotification
InterlockedIncrement
CloseHandle
FindClose
GetDiskFreeSpaceA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
GetFileAttributesA
CreateDirectoryA
GetTempPathA
MoveFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTempFileNameA
SetUnhandledExceptionFilter
SetCurrentDirectoryA
GetCurrentDirectoryA
SetProcessWorkingSetSize
GetCurrentProcess
SetFilePointer
GetCurrentProcessId
WriteFile
GetThreadContext
VirtualQuery
IsBadWritePtr
OpenProcess
GlobalMemoryStatus
Sleep
GetCurrentThreadId
GetLastError
FlushFileBuffers
InterlockedDecrement
CreateEventA
CreateProcessA
SetErrorMode
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
SetEnvironmentVariableW
GetModuleFileNameA
GetACP
GetCPInfo
SetStdHandle
LCMapStringW
LCMapStringA
ReadFile
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
RtlUnwind
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapReAlloc
SetFileAttributesA
HeapSize
GetOEMCP
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetEndOfFile
TerminateProcess
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection

user32

PostMessageA
DestroyWindow
IsWindow
FindWindowA
DefWindowProcA
CreateWindowExA
GetSystemMetrics
RegisterClassA
GetClassInfoA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
PostQuitMessage
PostThreadMessageA
CharNextA
CharPrevA
ReleaseDC
GetDC
SendMessageA
SetTimer

advapi32

RegCloseKey
RegOpenKeyA
RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueA
RegSetValueA
FreeSid
RegEnumKeyA
RegCreateKeyA

gdi32

GetDeviceCaps

Sections

.text
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95fa670205cbc9131ca74a57dcb6e472

Headers

File Characteristics

Imports

ole32

version

kernel32

user32

advapi32

gdi32

Sections

.text Size: 132KB - Virtual size: 129KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 24KB - Virtual size: 32KB

.WYCao Size: 1KB - Virtual size: 20KB

.text
Size: 132KB - Virtual size: 129KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 24KB - Virtual size: 32KB

.WYCao
Size: 1KB - Virtual size: 20KB