4d9ca94ee24db08af87b352df37533bc_JaffaCakes118

General

Target

4d9ca94ee24db08af87b352df37533bc_JaffaCakes118
Size

112KB
MD5

4d9ca94ee24db08af87b352df37533bc
SHA1

2ec482b10d64783820c1b8ef07bd8240565cedfe
SHA256

59042d2c2365e79465c5abe323d2791eea9027a72c09f5c48fda274176794238
SHA512

ba96c6f171a6d44a4b66a72a229ba2dac9494353f0c04fa3f415cfe5b00822a000f71ed393b5ae6ad65bf674202ed95a8770707f43f781114e61020ec5d9a136
SSDEEP

1536:zdMmuBVB9ySOXfYU0wlsmnjUq1Oe0C3MJ7l6q1w:mmuBgAURBUWOe0PZD1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d9ca94ee24db08af87b352df37533bc_JaffaCakes118

Files

4d9ca94ee24db08af87b352df37533bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0faa39204de023429e6982217e3fe0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryInformationJobObject
VirtualAllocEx
GetCommandLineA
SetSystemTime
GetProcessWorkingSetSize
GlobalDeleteAtom
GetVersion
OpenEventA
GetEnvironmentVariableA
GetFileAttributesExA
GetModuleFileNameA
SetFileAttributesA
SignalObjectAndWait
OpenSemaphoreA
ExitProcess
GetStartupInfoA
GetProfileSectionA
OpenJobObjectA

user32

ReasonCodeNeedsComment
PostThreadMessageW
GetAsyncKeyState
CharLowerA
GetScrollRange
DeregisterShellHookWindow
SetClipboardData
SetCapture
LockSetForegroundWindow
SetLayeredWindowAttributes
InSendMessageEx
GetProgmanWindow
DefWindowProcA
LoadStringA
GetRawInputDeviceInfoA
IsCharUpperA
ArrangeIconicWindows
SendDlgItemMessageA

msvcrt

memcpy
_snwprintf
toupper

tapi32

lineConfigDialogEdit
lineDrop
lineCreateAgentSessionW
lineSetAgentStateEx

comdlg32

GetOpenFileNameW

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW

Exports

Exports

Agmjisfnpy
CloseGtjytde

Sections

.textbbs
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 100KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0faa39204de023429e6982217e3fe0c

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

tapi32

comdlg32

shell32

Exports

Exports

Sections

.textbbs Size: - Virtual size: 1KB

.text Size: 100KB - Virtual size: 321KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.textbbs
Size: - Virtual size: 1KB

.text
Size: 100KB - Virtual size: 321KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB