43f526db6db0f8a74b4dd6ded677d0ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43f526db6db0f8a74b4dd6ded677d0ab_JaffaCakes118
Size

3.7MB
MD5

43f526db6db0f8a74b4dd6ded677d0ab
SHA1

c5b0b0d5c5e036da2d7a554f6289d789747017b8
SHA256

7c8216616e939252e9c5bb53f3564a74b788f33ab8151c2b7ce1367b82def076
SHA512

8e1dd4d583cbe8538d399ec7e8d879c2d484abfb5adeabbe3e9dd047c6f0b7fc2fe267e50dd2e86e9ef508734897da817e7847c74ea7276538d1a46f6fa4a906
SSDEEP

98304:2PFiLgHEenAfd/WGNvpxLusmddB00RngGMb:2SuEvlOCusm+AgJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43f526db6db0f8a74b4dd6ded677d0ab_JaffaCakes118

Files

43f526db6db0f8a74b4dd6ded677d0ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

215c35187ea8ee35fecb40685e1df41a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadDirectoryChangesW
VirtualAllocEx
VirtualLock
GetStartupInfoA
SetFileTime
RemoveDirectoryA
SetProcessAffinityMask
DeleteCriticalSection
SystemTimeToFileTime
GetModuleHandleA
GlobalFindAtomW
SetConsoleTitleA
GetFileInformationByHandle
GetCurrentDirectoryW
FatalAppExitA
GetCommandLineW
EnumSystemCodePagesA
VirtualProtect
GetTapeStatus
GetWindowsDirectoryA
WritePrivateProfileSectionW
GetCompressedFileSizeW
GetTempPathW
ReadFile
CreateIoCompletionPort
EnumCalendarInfoW
SetFileAttributesA
PrepareTape
FindFirstFileW
ReadFileScatter
SetCurrentDirectoryA
SetTimeZoneInformation
RaiseException
ReadConsoleOutputA
lstrcpyA
DuplicateHandle
DebugBreak
CreateDirectoryA
LoadLibraryExW
EnumResourceLanguagesW
ExitProcess

user32

UnhookWindowsHook
LoadImageW
CreateWindowStationW
SendDlgItemMessageA
GetMessageTime
GetSubMenu
DestroyMenu
UnregisterClassA
SetLastErrorEx
TrackMouseEvent
EndPaint
DrawTextExA
GetWindowContextHelpId
ShowCaret
UnionRect
CallNextHookEx
MapVirtualKeyExW
GetWindowRgn
DialogBoxIndirectParamW
CloseDesktop
ShowCursor
GetProcessWindowStation
SendMessageCallbackW
SetUserObjectInformationW
TranslateMessage
GetKeyboardLayoutNameA
LoadKeyboardLayoutW
CallWindowProcA
SetScrollRange
EnumDesktopWindows
UnregisterClassW
SetScrollPos

comctl32

ImageList_SetImageCount

advapi32

OpenSCManagerA
SetEntriesInAclW
ControlService
RegEnumValueA
LookupAccountSidA
CryptDeriveKey
RegEnumValueW
RegEnumKeyExW
ReportEventW
CryptSetProvParam
InitializeAcl
SetEntriesInAclA
RegLoadKeyW
RegRestoreKeyA
RegQueryInfoKeyW

version

VerQueryValueA

msvcrt

_isatty
_open_osfhandle
_close
_ultoa
wcstombs
_dup2
_fdopen
_tzset
fgetc
_wcsicoll
_pipe

Sections

.text
Size: 14KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

215c35187ea8ee35fecb40685e1df41a

Headers

File Characteristics

Imports

kernel32

user32

comctl32

advapi32

version

msvcrt

Sections

.text Size: 14KB - Virtual size: 233KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 3.5MB - Virtual size: 3.5MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 14KB - Virtual size: 233KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 19KB - Virtual size: 18KB