6546ec011e30e0e85d7faf0062011656_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6546ec011e30e0e85d7faf0062011656_JaffaCakes118
Size

855KB
MD5

6546ec011e30e0e85d7faf0062011656
SHA1

dec1c81276b3f87c062bcd566c28233fce73f4d9
SHA256

133c87f3d50091ebbf44f8ad081ad53991056c89e698884a5a2e694eb486b318
SHA512

154ac80280de1932bc0ba4c3170dcfef6b526d1036ec5634252e244c1d14e010fd80c6690adeb4fcc0067732a8168783888d3d9213f8f810ce78731cfe90c35c
SSDEEP

12288:KpK7YTOT+xPIHxwIJs5TtZAX7qhXW5QZoCNkf59gNo5f6JcUM:ZcxPewIJ+c7qI5QZoCNMl5ft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6546ec011e30e0e85d7faf0062011656_JaffaCakes118

Files

6546ec011e30e0e85d7faf0062011656_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5e00f851e008724cd30948773a541500

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindow
GetSysColor
BringWindowToTop
EqualRect
MessageBeep
ReleaseDC
MsgWaitForMultipleObjects
OpenClipboard
TranslateMessage
RemoveMenu
GetParent
CallNextHookEx
GetMenu
GetSystemMetrics
SetTimer
SetWindowPos
DrawIconEx
CallWindowProcW
SetParent
DispatchMessageW

msvcrt

realloc
_CxxThrowException
_XcptFilter
_wcsnicmp
fprintf
strchr
exit
__getmainargs
__setusermatherr
__p__commode
??_V@YAXPAX@Z
time
__set_app_type

kernel32

IsBadCodePtr
LeaveCriticalSection
EnterCriticalSection
GlobalReAlloc
SetUnhandledExceptionFilter
GetStartupInfoA
lstrcmpiW
GetTickCount
IsValidCodePage
GlobalMemoryStatus
CreateSemaphoreW
GetStringTypeA
LocalAlloc
GetCommandLineA
QueryPerformanceFrequency
CompareStringW
ResumeThread
VirtualAlloc
MulDiv
HeapCreate
GetCurrentThreadId
SystemTimeToFileTime
DeleteFileW
InitializeCriticalSectionAndSpinCount
FreeResource
GetProcAddress
LoadLibraryA
GetSystemDirectoryW
GetTempFileNameW
DeleteCriticalSection
IsDebuggerPresent
VirtualQuery
GlobalSize
InitializeCriticalSection
ReleaseMutex
GetShortPathNameA
CreateFileMappingW
GetFullPathNameA
GlobalUnlock
LCMapStringW
CreateDirectoryW
GetEnvironmentVariableW
lstrcpyW
FindClose
GetModuleFileNameA
GetConsoleMode

advapi32

OpenThreadToken
RegDeleteValueW
OpenServiceW
InitializeAcl
RegSetValueExA
AdjustTokenPrivileges
RegEnumValueW

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 494KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e00f851e008724cd30948773a541500

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

kernel32

advapi32

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 208KB - Virtual size: 208KB

.data Size: 494KB - Virtual size: 2.0MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 208KB - Virtual size: 208KB

.data
Size: 494KB - Virtual size: 2.0MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B