4aa21961e341e7ade64159d0c9c6c14c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4aa21961e341e7ade64159d0c9c6c14c_JaffaCakes118
Size

72KB
MD5

4aa21961e341e7ade64159d0c9c6c14c
SHA1

8376abb62b7918e98165414aa45a38032a087c0e
SHA256

97a3bb2a25e55d298be6df73372fab88219fa6987027bc7302804e1419894505
SHA512

204d1d5828a53d35b3c97215d588c071ee71034afc1eb2b1046bdc91a7ad9ac5bed10f3f6d8ddabf27d06b1ad5e7c1c172ce35ecc52a2e6fa67d09e7f6cd431b
SSDEEP

768:PfVW47Y2cWL533ZyvGtEF/42sEjvSaMV4854TJyINxXGV2C+D11r9ndJ4HPCFS:P9L7Y5uHzeF/tjvndJyIr2+DdnS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aa21961e341e7ade64159d0c9c6c14c_JaffaCakes118

Files

4aa21961e341e7ade64159d0c9c6c14c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0b5e8bb96a074ee00b2069450d46206

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
IsTextUnicode

kernel32

lstrlenW
FormatMessageA
lstrcpyA
lstrlenA
WriteFile
GetLastError
WriteConsoleW
WideCharToMultiByte
ExitProcess
MultiByteToWideChar
GetStdHandle
GetCommandLineW
GetVersionExA
GetFileType
GetCPInfo
GetACP
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineA
GetFullPathNameA
GetFullPathNameW
GetModuleHandleA
GetPrivateProfileStringA
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameA
GetModuleFileNameW
lstrcmpiA
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
ReadFile
CloseHandle
SetEvent
CreateThread
CreateEventA
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetProcAddress
LoadLibraryA
UnmapViewOfFile
CreateFileW
CreateFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
HeapReAlloc

user32

RegisterClassA
CharToOemBuffA
wsprintfA
GetActiveWindow
GetClassInfoA
CreateWindowExA
GetMessageA
GetWindowLongA
SetWindowLongA
PostQuitMessage
SetTimer
DefWindowProcA
GetParent
IsWindowVisible
KillTimer
EnumThreadWindows
SendMessageA
PostMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
LoadStringW
LoadStringA
wsprintfW

ole32

CoCreateInstance
MkParseDisplayName
CLSIDFromString
CoGetClassObject
CLSIDFromProgID
CreateBindCtx
CoInitialize
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayDestroy
VariantChangeType
LoadTypeLi
SysAllocStringByteLen
VariantInit
VariantCopy
VariantClear
SysAllocString
LoadRegTypeLi
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SysStringLen
SafeArrayCreate
SafeArrayGetUBound
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetLBound

urlmon

CreateURLMoniker

imm32

ImmGetDefaultIMEWnd

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

msvcrt

_ftol

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0b5e8bb96a074ee00b2069450d46206

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

oleaut32

urlmon

imm32

version

msvcrt

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 800B

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 800B

.rsrc
Size: 28KB - Virtual size: 28KB