4a771885c10b96705682e2f17eb1a424_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a771885c10b96705682e2f17eb1a424_JaffaCakes118
Size

61KB
MD5

4a771885c10b96705682e2f17eb1a424
SHA1

ab985872637121871e2f08fa773a8783c8c527d3
SHA256

599f06bb6e09d4a05093a3f25633d86d7e3231a682ce1c41f87efef9caaf8bd2
SHA512

8b74e8c9f95eefa72607a4321028ff0451bfd1403617100fd3c35d535cc46317394663fa1149ab41c73e93e885d1c12a777e8ea2ff4ac8d41f67025e9fc5d5bb
SSDEEP

1536:zxARjBMGXQ1geEg0uYCAMBc223qo45weJHc:NIxyEg0uYCAMaroT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a771885c10b96705682e2f17eb1a424_JaffaCakes118

Files

4a771885c10b96705682e2f17eb1a424_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2febcff6fd5ae4b53bc61758ab5b01ad

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetPrivateProfileStructA
GetUserDefaultUILanguage
GetFileAttributesExW
LockFileEx
OpenJobObjectA
ExitProcess
GetPrivateProfileSectionA
GetLastError
GetTempFileNameW
VirtualAlloc
GetStdHandle
EndUpdateResourceW
GetCurrentDirectoryA
GetFileTime
GetStringTypeW
GetStringTypeExW
GetVolumeInformationA
GetModuleHandleA
OutputDebugStringA
LockFile
VirtualFree
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
GetAtomNameW
GetTimeZoneInformation
GetTempPathW
WriteProfileSectionA
GetProcessWorkingSetSize
WriteProfileSectionW
GetCurrencyFormatW
FindResourceExW

msvcrt

_wexecl
_loaddll
_ltow
is_wctype
??0exception@@QAE@ABQBD@Z
_mbscpy
_strnicoll
strtok
ispunct
__fpecode
_wcsset
system
iswcntrl
_wasctime
__toascii
__p__tzname
memcpy
_flsbuf
fwprintf

gdi32

SetTextColor
GetTextExtentExPointW
DeleteDC
SetRectRgn
GetTextExtentPoint32W
GetTextFaceW
ExtCreatePen
Polygon
SetDIBitsToDevice
GetTextMetricsW
GetPixel
GetBrushOrgEx
CreateRectRgnIndirect
GetCurrentObject
GetPaletteEntries
SetBrushOrgEx
SelectObject

user32

ShowWindow
GetMessageExtraInfo
TrackPopupMenu
SetWindowTextW
LoadIconA
EnableMenuItem

winmm

waveOutBreakLoop
waveInGetDevCapsA
waveOutWrite
mciExecute
joyGetDevCapsA
mmioSendMessage
auxSetVolume
joyGetPosEx
mmTaskBlock
mixerGetLineControlsW
waveOutClose
midiInGetID

Exports

Exports

KqgmxmEmbwWzlndadQqu
BsJvlgicb

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2febcff6fd5ae4b53bc61758ab5b01ad

Headers

File Characteristics

Imports

kernel32

msvcrt

gdi32

user32

winmm

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 15KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 512B - Virtual size: 56B

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 56B