4862997b114f5f96ed9faab358d67c64_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4862997b114f5f96ed9faab358d67c64_JaffaCakes118
Size

102KB
MD5

4862997b114f5f96ed9faab358d67c64
SHA1

d59109cda6344910597f52ca1db0a7339ffdd2f8
SHA256

6e41016896a00d73661d71778f4e5e2ff42d0f41a3667f55832154aeb4e96374
SHA512

6769c60ed8db8b58bc5f950564ea76214157845291748823004e3650fb5b7d1ed581178428dc3f25141dc482e6f0348606f48481128f7decdc83ee4ca5aabc40
SSDEEP

3072:1s4VkSHq9tRP39wO14ZdYv5b6wIBgGOmrC:uSBG7SOuZKvhmBdzr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4862997b114f5f96ed9faab358d67c64_JaffaCakes118

Files

4862997b114f5f96ed9faab358d67c64_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea5cd16022d14b7c73c5c0721e594edb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FormatMessageW
VirtualAlloc
GetVersion
CloseHandle
GetModuleFileNameW
GetCurrentProcess
GetTickCount
InterlockedCompareExchange
ExpandEnvironmentStringsA
GetCurrentThreadId
GetModuleHandleW
ExitProcess
VirtualFree
LoadLibraryA
GetStartupInfoW
GetProcAddress
WriteFile
TerminateThread
GetCurrentProcessId
InterlockedExchange
CreateThread
LocalAlloc
CreateEventW
GetSystemInfo
LockResource
UnhandledExceptionFilter
SetEvent
QueryPerformanceCounter
TerminateProcess
Sleep
LocalFree
RtlUnwind
WaitForSingleObject
SetUnhandledExceptionFilter
LoadResource
CreateFileW
GetSystemTimeAsFileTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

_onexit
_initterm
memcpy
_cexit
__wgetmainargs
__setusermatherr
exit
free
wcsrchr
??_U@YAPAXI@Z
_wcmdln
__set_app_type
wcsncpy
_amsg_exit
memset
__p__commode
_exit
__p__fmode
_controlfp
_adjust_fdiv
?terminate@@YAXXZ
__dllonexit
_XcptFilter
__CxxFrameHandler
??_V@YAXPAX@Z
malloc
??1type_info@@UAE@XZ

ole32

CLSIDFromProgID
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
OleInitialize
CoGetInterfaceAndReleaseStream

msafd

WSPStartup

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

gdi32

GetObjectW
DeleteDC
CreatePatternBrush
CreateCompatibleBitmap
StretchDIBits
CreateCompatibleDC
BitBlt
Rectangle
DeleteObject
StretchBlt
SelectObject
GetDeviceCaps
CreateDIBitmap
CreateDIBSection
CreateSolidBrush
CreatePen
GetDIBits

comdlg32

GetSaveFileNameW

user32

EnableWindow
CloseClipboard
PeekMessageW
DispatchMessageW
EmptyClipboard
MsgWaitForMultipleObjects
ShowScrollBar
ReleaseDC
GetSysColor
SetClipboardData
GetParent
GetCapture
GetClipboardData
TranslateMessage
PostMessageW
OpenClipboard
EnumClipboardFormats
GetDC
LoadStringW
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCapture
SendMessageW
GetDesktopWindow
InvalidateRect
UpdateWindow

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea5cd16022d14b7c73c5c0721e594edb

Headers

File Characteristics

Imports

kernel32

version

msvcrt

ole32

msafd

advapi32

gdi32

comdlg32

user32

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 17KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 64KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 64KB