4d94aaa4631913325032f6201cd141ee_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4d94aaa4631913325032f6201cd141ee_JaffaCakes118
Size

2.0MB
MD5

4d94aaa4631913325032f6201cd141ee
SHA1

e1eb752c578f78e6b39a2b060323088f7befb59c
SHA256

dbcf2a0d20e642902ee4a734c5bf7f68c6ab797d4ce602e15423b85cd3e0af99
SHA512

d38c489258fb6a500a61a0d7f33f468282a1669baa0bb2e90cf33a2dc979346f19d30529e594e10157657f42af71dd2183c0e037c8fd75e3af7c533cb76c37bb
SSDEEP

49152:J9Nlpu9OPjnniZpjB49m4rnFUlJHGonEjySnyxP9u6CY:J9TpuanWpjBd5JbnEjpnSPk6CY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d94aaa4631913325032f6201cd141ee_JaffaCakes118

Files

4d94aaa4631913325032f6201cd141ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2cbaa9b494391cb0f5343000047c831c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegEnumKeyExW

user32

DefWindowProcA
GetDlgItemTextW
SetCapture
CheckDlgButton
PostMessageW
GetThreadDesktop
GetCapture
GetWindowTextLengthW

kernel32

FindNextFileA
ExitProcess
GetVersion
GetCommandLineA
GetLastError
GetCurrentProcess
ExpandEnvironmentStringsA
VirtualAlloc
GetTempFileNameA
VirtualFree
FreeEnvironmentStringsW
InterlockedIncrement
GetTickCount
LockResource
GetModuleHandleA
GetModuleFileNameA
GetVersion
GetModuleFileNameA
VirtualAlloc
GetCurrentProcess
GetCommandLineA
GetTickCount
VirtualFree
GetModuleHandleA
GetModuleFileNameW
ExitProcess
GetLastError

msvcrt

sprintf
_c_exit
wcschr
_purecall

gdi32

CreateFontIndirectA
StretchDIBits
CreatePen
DeleteObject
AngleArc
BitBlt
PlayMetaFile
RectVisible
CreateCompatibleBitmap
GetNearestPaletteIndex
GetDeviceCaps
LPtoDP
CreatePen
Ellipse
AngleArc
OffsetRgn
GetClipRgn
ExtTextOutA
GetTextExtentPointA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

ntdll

RtlExpandEnvironmentStrings_U
NtCreateSection
NtSetEvent
RtlInitializeSid
NtOpenFile
RtlAddAce
NtQuerySymbolicLinkObject
RtlUnicodeToOemN
RtlCopyUnicodeString
RtlSetEnvironmentVariable
RtlInitializeGenericTable
RtlValidSecurityDescriptor

ole32

OleUninitialize
CoInitialize

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 874KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 878KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ydata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2cbaa9b494391cb0f5343000047c831c

Headers

File Characteristics

Imports

advapi32

user32

kernel32

msvcrt

gdi32

version

ntdll

ole32

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 239KB - Virtual size: 241KB

.edata Size: 874KB - Virtual size: 6.3MB

.edata Size: 878KB - Virtual size: 879KB

.ydata Size: 15KB - Virtual size: 15KB

.rsrc Size: 74KB - Virtual size: 74KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 239KB - Virtual size: 241KB

.edata
Size: 874KB - Virtual size: 6.3MB

.edata
Size: 878KB - Virtual size: 879KB

.ydata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 74KB - Virtual size: 74KB