5a8a2cd6239292451c198dc3013c2898_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a8a2cd6239292451c198dc3013c2898_JaffaCakes118
Size

48KB
MD5

5a8a2cd6239292451c198dc3013c2898
SHA1

d16fb6040ad89d0f6e8e094763babfa371ae1d94
SHA256

7c293b9e0a1d64db5eeec9fc7eca92646f13e34135641be74ef5202ed8a32164
SHA512

47f46d561f3b1cfcb62e59f7f01c8559fb4a35b84b06471540fc89dbd6cb57690f170a4351e2cf0afb65a6232271827883b9ee15523378b01864dfabc683a52d
SSDEEP

768:aXJ8qyxd0RxDtcN8KkYfREsGoVAiswgzqcjP1JjMLId/G88KFgU7DmM/3uoxqnme:aXJ8Xkce7YeBiswyqIJgcY0gXERxqnB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a8a2cd6239292451c198dc3013c2898_JaffaCakes118

Files

5a8a2cd6239292451c198dc3013c2898_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d420fa851535fe72558cb11edbc600a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyA
RegQueryValueExA
RegEnumValueA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

user32

GetDlgItem
GetWindowTextA
LoadStringA
SetWindowPos
IsDlgButtonChecked
PeekMessageA
DialogBoxParamA
CheckDlgButton
DispatchMessageA
DestroyIcon
DestroyWindow
GetDC
MsgWaitForMultipleObjects
SetWindowTextA
SetDlgItemTextA
MessageBoxA
IsWindow
GetSysColor
EndDialog
EnableWindow
DrawTextA
SendMessageA
SetWindowLongA
CharUpperA
ReleaseDC
IsDialogMessageA
GetClientRect
TranslateMessage
CharPrevA
LoadBitmapA
SendDlgItemMessageA
wsprintfA
GetWindowLongA
GetWindowRect
ShowWindow
InvalidateRect
CreateDialogParamA
LoadImageA

gdi32

CreateSolidBrush
DeleteDC
GetDeviceCaps
BitBlt
GetTextMetricsA
CreateFontIndirectA
SetGraphicsMode
SetWindowOrgEx
ExtTextOutA
SaveDC
SetBkColor
SelectObject
SetTextColor
CreateCompatibleDC
SetViewportOrgEx
ModifyWorldTransform
DPtoLP
DeleteObject
GetObjectA
RestoreDC

advpack

RegInstall

atl

AtlMarshalPtrInProc

ntdll

NtAddAtom

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

SetEvent
InitializeCriticalSection
LocalAlloc
lstrlenA
GetTickCount
GetDiskFreeSpaceA
GetProcessHeap
InterlockedDecrement
GetSystemDirectoryA
HeapFree
lstrcatA
LocalFree
lstrcpynA
CreateEventA
lstrcmpiA
HeapAlloc
FreeLibrary
GetWindowsDirectoryA
lstrcmpA
GetModuleHandleA
CloseHandle
DisableThreadLibraryCalls
VirtualAlloc
HeapSize
lstrcpyA
LoadLibraryA
GetProcAddress
HeapReAlloc
CreateThread
InterlockedIncrement
CreateFileA
DeleteCriticalSection

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d420fa851535fe72558cb11edbc600a0

Headers

File Characteristics

Imports

advapi32

ole32

user32

gdi32

advpack

atl

ntdll

version

kernel32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 424B

.idata Size: 46KB - Virtual size: 45KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 424B

.idata
Size: 46KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B