4790e9b80cf88968dee770d09a657786_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4790e9b80cf88968dee770d09a657786_JaffaCakes118
Size

208KB
MD5

4790e9b80cf88968dee770d09a657786
SHA1

72b8bf8919c7b0e85913131ae8dc7e38bfcfb732
SHA256

0d8243ca55e1835c776d9f7b4eab121f84bfb6f13ed2ca33b1dadd3df07d6260
SHA512

704802e66899a4afce461e001bd77eb3ea55a27ed212b9193f985afb48095f23d6dc5329afe1185f40be5c36586bbe1d87af95a59c30ac652168ceadf53e2b17
SSDEEP

3072:7G9C5PbeIWD1qpU/AJKh/UNob1vIQqp4wSg6I+mhrZc0JRiMTv6AJm:KcPbeIr8zUGq4E6yrZxJMMTvK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4790e9b80cf88968dee770d09a657786_JaffaCakes118

Files

4790e9b80cf88968dee770d09a657786_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d7c669b4dacc91241e7d6cf98ac64c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetExitCodeProcess
GetLastError
Sleep
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetTickCount
GetTempFileNameA
GetWindowsDirectoryA
lstrcpynA
lstrcmpA
_lopen
GetSystemDirectoryA
MulDiv
GetCurrentProcess
GetVersionExA
GetTempPathA
FindFirstFileA
FindClose
FindNextFileA
GetShortPathNameA
DeleteFileA
CopyFileA
RemoveDirectoryA
SetFileAttributesA
_hread
GetFileAttributesA
MoveFileExA
GetCurrentDirectoryA
SetCurrentDirectoryA
WriteFile
VirtualFree
HeapCreate
GlobalHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
CloseHandle
GetModuleFileNameA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetOEMCP
GetACP
GetCPInfo
SetEndOfFile
GetStdHandle
SetHandleCount
SetStdHandle
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
MoveFileA
RtlUnwind
CreateFileA
GetStringTypeA
GetFileType
ReadFile
SetFilePointer
GetStringTypeW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GlobalUnlock
GlobalFree
lstrlenA
lstrcatA
WriteProfileStringA
OpenFile
_lread
_llseek
_lclose
lstrcmpiA
GetProcAddress
GetPrivateProfileStringA
WritePrivateProfileStringA
GlobalAlloc
FreeEnvironmentStringsA
GlobalLock
LoadLibraryA
FindResourceA
LoadResource
LockResource
lstrcpyA
FreeResource
FreeLibrary
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
HeapDestroy

user32

DdeConnect
DdeCreateStringHandleA
DdeFreeDataHandle
DdeUnaccessData
DdeAccessData
DdeUninitialize
DdeClientTransaction
DdeGetLastError
DdeDisconnect
DdeFreeStringHandle
DdeInitializeA
ExitWindowsEx
FindWindowA
LoadStringA
MessageBoxA
PostMessageA
GetDlgItemTextA
SetFocus
EndDialog
SetDlgItemTextA
GetDC
ReleaseDC
FillRect
GetDlgItem
InvalidateRect
ScreenToClient
OffsetRect
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetSysColor
CreateDialogParamA
ShowWindow
UpdateWindow
SendMessageA
GetWindow
SetWindowTextA
BeginPaint
EndPaint
GetParent
IsWindowVisible
GetDesktopWindow
GetWindowRect
MoveWindow
wsprintfA
CharUpperA
DialogBoxParamA

gdi32

CreateSolidBrush
GetObjectA
CreateFontIndirectA
DeleteObject
RemoveFontResourceA
GetDeviceCaps

advapi32

RegDeleteKeyA
DeleteService
QueryServiceStatus
ControlService
RegQueryValueExA
RegQueryValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
OpenSCManagerA
CloseServiceHandle
RegEnumKeyA
RegOpenKeyA
RegSetValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegDeleteValueA
OpenServiceA

shell32

SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA

ole32

OleUninitialize
OleInitialize
StringFromGUID2

oleaut32

LoadTypeLi

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6d7c669b4dacc91241e7d6cf98ac64c9

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 5KB

.text Size: 120KB - Virtual size: 120KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 120KB - Virtual size: 120KB