Static task
static1
Behavioral task
behavioral1
Sample
60e6f1154817b22e45a98b7a7cf6be16_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
60e6f1154817b22e45a98b7a7cf6be16_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 60e6f1154817b22e45a98b7a7cf6be16_JaffaCakes118
Size: 167KB
MD5: 60e6f1154817b22e45a98b7a7cf6be16
SHA1: 1f6fa4038b0e94ee75ff8b7c5c50574abe3a9dd9
SHA256: addc751a34f42aa287fbfcbfcd14a7215997d79b5ce5b9c3c4ceb56bc98a9627
SHA512: cf413e728c72b14f20bccf0973ee9eeb4741582c2c5d3019b8433b58aa42afe9c20c25178b760be48da0dc0bbc91af2ee6af09fcc1b364691d36e0774d030538
SSDEEP: 3072:VCDyUX5ohkGkLBuSOflCq2Dl6efU/VTbOInO0DLmpBF/5:U2UXakmlV2Dl/fUdOInOxpb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 60e6f1154817b22e45a98b7a7cf6be16_JaffaCakes118
Files
60e6f1154817b22e45a98b7a7cf6be16_JaffaCakes118.exe windows:4 windows x86 arch:x86
f24cff72b2a1b5331e51c61968b74e51
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msimg32
AlphaBlend
TransparentBlt
shlwapi
PathFindExtensionA
gdi32
GetTextExtentPointA
SelectObject
GetTextMetricsA
GetDeviceCaps
DeleteObject
CreateFontIndirectA
user32
GetDialogBaseUnits
GetDC
ReleaseDC
IsDialogMessageA
GetDlgItemTextA
EnableWindow
SendMessageA
SetWindowLongA
SetDlgItemTextA
IsWindow
CheckDlgButton
ShowWindow
MoveWindow
IsDlgButtonChecked
GetDlgItem
WinHelpA
DestroyWindow
UnregisterClassA
CreateDialogParamA
CharNextA
kernel32
MultiByteToWideChar
GetACP
lstrcatA
WriteFile
UnhandledExceptionFilter
SetHandleInformation
GetLocaleInfoA
IsDBCSLeadByte
QueryPerformanceCounter
TlsGetValue
InterlockedIncrement
RaiseException
TlsSetValue
DisableThreadLibraryCalls
GetModuleHandleA
GetTickCount
FreeEnvironmentStringsA
FreeEnvironmentStringsW
TerminateProcess
VirtualProtect
TransmitCommChar
GetVersionExA
lstrcpynA
VirtualAlloc
SetFilePointer
GetSystemInfo
GetProcAddress
RtlUnwind
LoadLibraryA
SizeofResource
LoadResource
FreeLibrary
TlsFree
GetLastError
MulDiv
TlsAlloc
GetCPInfo
EnumResourceNamesW
GetOEMCP
IsBadCodePtr
GetStartupInfoA
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
IsBadReadPtr
FindResourceA
GetFileType
LCMapStringA
LCMapStringW
FlushInstructionCache
ExitProcess
HeapReAlloc
CloseHandle
InterlockedExchange
lstrcpyA
IsBadWritePtr
VirtualFree
GetEnvironmentStrings
ExitProcess
GetThreadLocale
GetStringTypeA
GetCurrentProcess
InterlockedDecrement
lstrlenW
LeaveCriticalSection
GetProcessHeap
GetStdHandle
GetCurrentProcessId
GetStringTypeW
GetModuleFileNameA
HeapDestroy
lstrcmpiA
DeleteCriticalSection
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryExA
HeapCreate
LockResource
SetStdHandle
SetLastError
FlushFileBuffers
HeapAlloc
GetCommandLineA
HeapSize
EnterCriticalSection
GetEnvironmentStringsW
SetUnhandledExceptionFilter
SetHandleCount
InitializeCriticalSection
HeapFree
advapi32
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA
ole32
CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
Sections
.text Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ