613739ff37619aadce6b9f54a56f1e26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

613739ff37619aadce6b9f54a56f1e26_JaffaCakes118
Size

83KB
MD5

613739ff37619aadce6b9f54a56f1e26
SHA1

1e0737b97d039986c6ad17208ebb000f1e5e517c
SHA256

53debf15680961ac8b89fd6cd8f5da968f39730d6914e8622162fd661cc66429
SHA512

231f983101c6d470059448a5c7ae4d7f2fd9d97a7e44ced11da2f232daea5ac71536e57ee54767d857ee8a222ed84af756a2127a16ef2239e4171baa8aed4159
SSDEEP

1536:eFh2h00tDO9vcLMCMC65y8kSFN9TvrOucJd8T6FWaPijMwo8iYBf:eQ0089vcLiR5WSFN9TTOr8WvPSMwohYl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
613739ff37619aadce6b9f54a56f1e26_JaffaCakes118

Files

613739ff37619aadce6b9f54a56f1e26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bab5029fad1cdda276e87262b097be3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

auxGetVolume

comdlg32

GetSaveFileNameA
GetOpenFileNameA

userenv

GetUserProfileDirectoryA

appmgmts

CsGetClassStorePath

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoUninitialize
CoTaskMemRealloc

kernel32

GetSystemInfo
IsDBCSLeadByte
LeaveCriticalSection
lstrlenA
GetTickCount
GetLastError
CreateDirectoryA
lstrcpyA
InterlockedDecrement
FindResourceA
GetProcAddress
Sleep
HeapDestroy
InterlockedIncrement
DisableThreadLibraryCalls
GetVersionExA
VirtualAlloc
MultiByteToWideChar
SetEvent
WaitForMultipleObjects
VirtualProtect
lstrcatA
WideCharToMultiByte
lstrcpynA
GetPrivateProfileStringA
SetUnhandledExceptionFilter
CreateThread
GetCurrentProcess
LoadResource
EnterCriticalSection
QueryPerformanceCounter
lstrcmpiA
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTempFileNameA
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
FreeLibrary
lstrlenW
GetModuleHandleA
VirtualQuery
GetCurrentThreadId
TerminateProcess
CloseHandle
ResetEvent
LoadLibraryA
GetFileSize
LoadLibraryExA
CreateFileA
WaitForSingleObject
InitializeCriticalSection
CreateEventA
WritePrivateProfileStringA

msvcrt

_adjust_fdiv
wcsncmp
strstr
_vsnwprintf
strtok
wcslen
free
realloc
_beginthread
exit
malloc
_except_handler3
_chdir
_beep
_wtol
_purecall
_onexit
_vsnprintf

advapi32

RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
OpenProcessToken
RegCreateKeyExA
RegDeleteValueA

user32

CallNextHookEx
CharNextA
GetFocus
UnhookWindowsHookEx
MessageBoxA
CharPrevA
SetWindowsHookExA
wsprintfA
LoadStringA

Sections

.textbss
Size: - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bab5029fad1cdda276e87262b097be3a

Headers

File Characteristics

Imports

winmm

comdlg32

userenv

appmgmts

ole32

kernel32

msvcrt

advapi32

user32

Sections

.textbss Size: - Virtual size: 448KB

.idata Size: 82KB - Virtual size: 81KB

.text Size: 512B - Virtual size: 484B

.textbss
Size: - Virtual size: 448KB

.idata
Size: 82KB - Virtual size: 81KB

.text
Size: 512B - Virtual size: 484B