63ab5461f5c9f1c5ca36e6cf9e9dd680_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

63ab5461f5c9f1c5ca36e6cf9e9dd680_JaffaCakes118
Size

165KB
MD5

63ab5461f5c9f1c5ca36e6cf9e9dd680
SHA1

00ae86ef1c6d69b63b4432ab9fd249202c57099e
SHA256

3b23ad50000234bf5c42790f27cafacdcf1eda51c4b58b055cd9150d10b918de
SHA512

64087b075d1721f48388ac2c6dd349f0b2ad3071e5642dc705f16df168cefd990505ce640baeef4bc28e08ef8a49130aad31fb52941efa0584b9880290842c86
SSDEEP

3072:UmIosdOXnhB5+Q5wgAlVtrS8Z8cz2XUfe3tV0RS2N0Sg7ovQ/hD+CSwvTbkRiG:U9e3hmQ58Mne2XUfvbCxoIJQcTww

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63ab5461f5c9f1c5ca36e6cf9e9dd680_JaffaCakes118

Files

63ab5461f5c9f1c5ca36e6cf9e9dd680_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57a5042e0fe90eecf48b56318379d36b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoTaskMemRealloc

kernel32

SetUnhandledExceptionFilter
GetCommandLineA
VirtualQuery
FreeLibrary
SizeofResource
VirtualAlloc
lstrlenA
GetOEMCP
CloseHandle
SetHandleInformation
GetCurrentProcess
TlsGetValue
RaiseException
HeapCreate
GetThreadLocale
VirtualFree
GetLocaleInfoA
GetStdHandle
IsBadWritePtr
LoadLibraryA
QueryPerformanceCounter
GetStringTypeA
LCMapStringA
LoadLibraryExA
TlsFree
TransmitCommChar
UnhandledExceptionFilter
HeapSize
SetHandleCount
SetLastError
IsDBCSLeadByte
HeapReAlloc
GetSystemTimeAsFileTime
FlushFileBuffers
InitializeCriticalSection
lstrcpynA
GetTickCount
WideCharToMultiByte
InterlockedExchange
GetModuleHandleA
IsBadReadPtr
LeaveCriticalSection
GetEnvironmentStringsW
FindResourceA
VirtualProtect
GetACP
EnumResourceNamesW
HeapDestroy
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetSystemInfo
GetVersionExA
ExitProcess
WriteFile
SetStdHandle
lstrcpyA
GetProcessHeap
GetCurrentThreadId
DisableThreadLibraryCalls
LoadResource
EnterCriticalSection
GetEnvironmentStrings
GetProcAddress
TlsAlloc
TerminateProcess
ExitProcess
RtlUnwind
FreeEnvironmentStringsW
LockResource
GetLastError
HeapAlloc
GetModuleFileNameA
GetStartupInfoA
FlushInstructionCache
IsBadCodePtr
lstrlenW
TlsSetValue
LCMapStringW
GetFileType
GetCPInfo
MultiByteToWideChar
GetStringTypeW
DeleteCriticalSection
SetFilePointer
FreeEnvironmentStringsA
MulDiv
lstrcmpiA
HeapFree

shlwapi

PathFindExtensionA

msimg32

AlphaBlend
TransparentBlt

advapi32

RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA

gdi32

DeleteObject
GetTextExtentPointA
GetDeviceCaps
GetTextMetricsA
SelectObject
CreateFontIndirectA

user32

ShowWindow
IsWindow
GetDialogBaseUnits
SetWindowLongA
CheckDlgButton
GetDlgItemTextA
WinHelpA
DestroyWindow
MoveWindow
GetDC
IsDialogMessageA
ReleaseDC
UnregisterClassA
GetDlgItem
SendMessageA
SetDlgItemTextA
IsDlgButtonChecked
EnableWindow
CreateDialogParamA
CharNextA

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57a5042e0fe90eecf48b56318379d36b

Headers

File Characteristics

Imports

ole32

kernel32

shlwapi

msimg32

advapi32

gdi32

user32

Sections

.text Size: 133KB - Virtual size: 132KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 26KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 133KB - Virtual size: 132KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 26KB

.crt
Size: 512B - Virtual size: 72KB