5b41f8ab6341f3976f762d72c389a681_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b41f8ab6341f3976f762d72c389a681_JaffaCakes118
Size

247KB
MD5

5b41f8ab6341f3976f762d72c389a681
SHA1

9c05a088827087aca35d79788ce02fb4668291aa
SHA256

53e0bfc662a5ed3dafc36f94eb7e1558eff5c53c4eb7145e091b47278503cfa5
SHA512

264a7cad2af1bb839d7f530861cae10660764c4ec67dcb9fc68dbbc7f01c14ed7df8a52874dbe134f99d6ae3181781024a996ab2ee476387e216fae9a6afc1c0
SSDEEP

6144:yl0MYsJ/RAAAt7WE2cuzwMikx05JCOVgbx:a0MYO/RAAqgcuzciqCHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b41f8ab6341f3976f762d72c389a681_JaffaCakes118

Files

5b41f8ab6341f3976f762d72c389a681_JaffaCakes118
.exe windows:5 windows x86 arch:x86

18fb9913707fe1ea94b964b23bac0e1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CreateIcon
SetScrollInfo
LoadAcceleratorsA
CopyRect
GetParent
DestroyCursor
RegisterClassW
CreateMenu
InvalidateRgn
DrawMenuBar
TranslateAcceleratorA
SetForegroundWindow
UnregisterClassA
SendMessageW
PtInRect
HideCaret
PeekMessageW
ScrollDC
GetWindowLongA
IsDialogMessageW
IsWindowEnabled
ReleaseCapture
ChildWindowFromPoint
AttachThreadInput
SetWindowPlacement
IntersectRect
DispatchMessageA
OffsetRect

icmpx32r

_FNan
_FInf
_FRteps
_LPoly
_FEps
_LXbig
_FExp
_Poly
_Tolower
_Rteps
_Toupper
_Dtest
_LRteps
_Getcvt

ole32

CoTaskMemFree
OleSetClipboard
StgCreateDocfileOnILockBytes
StgCreateDocfile
OleRegGetUserType
WriteClassStm
ReadFmtUserTypeStg
StringFromGUID2
GetClassFile
ReleaseStgMedium
OleRegGetMiscStatus
OleRun

advapi32

RegOpenKeyExA
RegQueryValueExW

kernel32

SetFileAttributesW
InterlockedDecrement
FindResourceA
MultiByteToWideChar
CreateThread
WriteFile
GlobalReAlloc
FormatMessageA
GlobalAlloc
IsBadCodePtr
GetProfileIntA
SetPriorityClass
GetTimeFormatA
LockResource
HeapCreate
GetTickCount
CreateEventA
OutputDebugStringA
GetCommandLineW
GetFileSize
VirtualFree
EnterCriticalSection
GetModuleFileNameW
Sleep
lstrcpyA
SetStdHandle
GlobalMemoryStatus

ntdll

NtQuerySystemTime
NtCreateTimer
NtQueryValueKey
ZwSetEvent
NtQueryInformationFile
RtlExitUserThread
RtlCompareUnicodeString
RtlFillMemory
NtReadFile
NtProtectVirtualMemory

gdi32

GetTextColor
GetPaletteEntries
GetTextCharsetInfo
DeleteDC
GetObjectType
Escape
GetTextAlign
SetTextAlign
GetEnhMetaFileHeader
StartDocA
GetTextFaceA
SetPixel
OffsetWindowOrgEx
ExtCreatePen
GetClipRgn
Pie
SetROP2
GetBitmapBits
GetViewportOrgEx
RestoreDC
CreateFontIndirectA

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18fb9913707fe1ea94b964b23bac0e1a

Headers

DLL Characteristics

File Characteristics

Imports

user32

icmpx32r

ole32

advapi32

kernel32

ntdll

gdi32

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 17KB - Virtual size: 16KB

.rsrc Size: 179KB - Virtual size: 180KB

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 179KB - Virtual size: 180KB