Static task: static1
Behavioral task: behavioral1
Sample: 5c366d70579fbaa2579b6c8294724584_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5c366d70579fbaa2579b6c8294724584_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5c366d70579fbaa2579b6c8294724584_JaffaCakes118
Size: 187KB
MD5: 5c366d70579fbaa2579b6c8294724584
SHA1: 20c8e3001223c10ecef5a21559ee66c5011bca7b
SHA256: 851e98746a56d6d88d5c1668a8ca2975872d778dc5b0789f2650877c86b2cffd
SHA512: 77e2b0e6891b3d72c5c890e8698aa3320d1859bd1f77544cbb35385bb6cfc9e8387558376e9fef2e5955d90f046f34324686279a0cc5387cecd36a186d9c60eb
SSDEEP: 3072:0/vFcjywT0n74enVFVhT8oXol3XWF37XcvmF6RzoAytqm3zcCPz13W8DnkTWD+n5:0/tcj0n7jVFVhtXol2FrXmVzoAyEHCPo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5c366d70579fbaa2579b6c8294724584_JaffaCakes118
Files
5c366d70579fbaa2579b6c8294724584_JaffaCakes118.exe windows:4 windows x86 arch:x86
c890681c23c1ee1ca55eeeab849b038f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ShowWindow
IsDlgButtonChecked
EnableWindow
DestroyWindow
GetDC
WinHelpA
CreateDialogParamA
SendMessageA
GetDialogBaseUnits
GetDlgItem
UnregisterClassA
CheckDlgButton
SetDlgItemTextA
SetWindowLongA
IsWindow
ReleaseDC
GetDlgItemTextA
MoveWindow
IsDialogMessageA
CharNextA
kernel32
HeapDestroy
GetTickCount
GetLocaleInfoA
SetHandleInformation
GetModuleHandleA
WideCharToMultiByte
lstrlenW
FreeLibrary
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileType
GetOEMCP
GetACP
InterlockedIncrement
UnhandledExceptionFilter
MultiByteToWideChar
RtlUnwind
GetEnvironmentStringsW
TlsGetValue
HeapReAlloc
TransmitCommChar
GetVersionExA
lstrcatA
SetHandleCount
DisableThreadLibraryCalls
GetProcessHeap
FreeEnvironmentStringsA
GetCPInfo
GetCurrentThreadId
lstrcmpiA
HeapAlloc
HeapCreate
TlsSetValue
GetCurrentProcessId
VirtualAlloc
GetStringTypeW
lstrcpynA
RaiseException
WriteFile
FreeEnvironmentStringsW
ExitProcess
GetSystemTimeAsFileTime
IsBadReadPtr
InterlockedExchange
InterlockedDecrement
VirtualQuery
EnumResourceNamesW
GetEnvironmentStrings
TerminateProcess
LoadResource
IsBadCodePtr
GetCurrentProcess
VirtualFree
DeleteCriticalSection
QueryPerformanceCounter
SetLastError
LCMapStringA
EnterCriticalSection
HeapSize
GetStdHandle
GetProcAddress
LoadLibraryA
FlushInstructionCache
MulDiv
GetLastError
TlsFree
ExitProcess
InitializeCriticalSection
FindResourceA
VirtualProtect
GetCommandLineA
GetStartupInfoA
LeaveCriticalSection
SizeofResource
LockResource
GetSystemInfo
TlsAlloc
GetThreadLocale
LCMapStringW
lstrlenA
IsBadWritePtr
LoadLibraryExA
GetModuleFileNameA
SetStdHandle
IsDBCSLeadByte
SetFilePointer
CloseHandle
lstrcpyA
GetStringTypeA
HeapFree
msimg32
AlphaBlend
TransparentBlt
gdi32
GetTextExtentPointA
GetTextMetricsA
SelectObject
DeleteObject
GetDeviceCaps
CreateFontIndirectA
shlwapi
PathFindExtensionA
ole32
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
advapi32
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
Sections
.text Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ