42ef6a5eb17f20a3eea3dc28844bc763_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42ef6a5eb17f20a3eea3dc28844bc763_JaffaCakes118
Size

162KB
MD5

42ef6a5eb17f20a3eea3dc28844bc763
SHA1

d609eb11cfcff88958e02c30345b8853748e8965
SHA256

7b3d05f91260d2bec36565918dd0f187e4d427412145afe432494e3bae058f5e
SHA512

e9395c5a31a67293cdb75854efc00e205ef1d89bec2c45971402ff945ffb58933dc392b1f503a74c7dd884c98d7a2bfddf0c09e9c0b274374f847079e50b8307
SSDEEP

3072:kVoZlmAQqg9ooe0HlE8TQKpvsoxqMdeAHqYxWujNFFy8zhRTciO:Yo2AQz9ooe0HqjCsoxqMdeARWYzzvQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42ef6a5eb17f20a3eea3dc28844bc763_JaffaCakes118

Files

42ef6a5eb17f20a3eea3dc28844bc763_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5891413bec584f5334e7ac3315a8955

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
GetKeyState
wsprintfW
MessageBoxA
wsprintfA
CharNextA
CharLowerA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA

kernel32

ResetEvent
GlobalUnlock
CloseHandle
HeapAlloc
FlushFileBuffers
EnterCriticalSection
ExitProcess
InitializeCriticalSection
GetTickCount
GetLastError
lstrcpyA
CompareStringW
FileTimeToSystemTime
HeapReAlloc
GetTempPathA
GetThreadIOPendingFlag
GetEnvironmentVariableA
SetStdHandle
GetACP
SetEndOfFile
HeapDestroy
TransmitCommChar
Sleep
UnmapViewOfFile
GetEnvironmentStrings
IsDBCSLeadByte
IsBadReadPtr
TlsAlloc
FreeEnvironmentStringsW
WritePrivateProfileStringA
GetPriorityClass
HeapSize
CompareStringA
InterlockedDecrement
WaitForSingleObject
MultiByteToWideChar
FreeEnvironmentStringsA
IsBadWritePtr
GetCPInfo
RtlUnwind
RaiseException
DeleteCriticalSection
CreateFileW
SetUnhandledExceptionFilter
GetEnvironmentStringsW
CreateSemaphoreA
GetFullPathNameW
SetEvent
GetStringTypeW
SetLastError
GlobalFree
SetPriorityClass
GetUserDefaultLCID
CreateMutexA
GetOEMCP
GetTempFileNameA
IsBadCodePtr
CreateFileMappingA
TlsSetValue
GetTimeZoneInformation
FileTimeToLocalFileTime
EnumResourceNamesW
ReleaseSemaphore
GetCurrentThreadId
GetCurrentProcess
GetCommandLineA
lstrcmpA
GetTempPathW
WriteFile
LoadLibraryA
GetSystemTime
CreateThread
FreeLibrary
OutputDebugStringA
GetProcAddress
TerminateProcess
LoadLibraryW
TlsGetValue
GetThreadPriority
LeaveCriticalSection
ExitProcess
GetModuleHandleA
InterlockedIncrement
GetStringTypeA
UnhandledExceptionFilter
GetFileType
GetModuleFileNameA
InterlockedExchange
GetStdHandle
LCMapStringW
GlobalAlloc
LCMapStringA
WideCharToMultiByte
GetFullPathNameA
HeapCreate
HeapFree
lstrcmpW
GetPrivateProfileStringA
TlsFree
SetHandleCount
ExitThread
GetStartupInfoA
GetDiskFreeSpaceExA
MapViewOfFile
SetEnvironmentVariableA

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathAddBackslashA

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5891413bec584f5334e7ac3315a8955

Headers

File Characteristics

Imports

user32

advapi32

kernel32

msimg32

shlwapi

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 22KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 22KB

.crt
Size: 512B - Virtual size: 72KB