63b4917a226c81f5fd3d272dbc4c85d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63b4917a226c81f5fd3d272dbc4c85d5_JaffaCakes118
Size

268KB
MD5

63b4917a226c81f5fd3d272dbc4c85d5
SHA1

174ab2dc292eef3c3199ebba0ee320941e9eab1d
SHA256

1e9663c3e5b34fd89c1b9c152bf0f6cc554201f94f180d481142c180f8382b46
SHA512

d7cccf9616b3d309bc48e7790873d4f212824e00d53e9c288bacc16cae01517c085b7baec770a53b99743137f8e5dd8cf8ef832ac17c80cfcdd344c5d0b9fc2b
SSDEEP

3072:HyaMSsMle5hfzQJp5MoF+pOj7sUdlNnmsQZ8VQTBfRTsMetdTNY:S9vMUfz3w9nskNmsQZ8VQTBJAMwTu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63b4917a226c81f5fd3d272dbc4c85d5_JaffaCakes118

Files

63b4917a226c81f5fd3d272dbc4c85d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3297e4b706a245829330afc158f2ede2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
HeapCreate
HeapDestroy
GetSystemDirectoryW
GetSystemDirectoryA
TerminateProcess
FlushFileBuffers
GetVersionExA
SetCurrentDirectoryA
GetCurrentDirectoryA
CreateDirectoryA
GetCurrentProcess
FindClose
FindFirstFileA
FindNextFileA
GetProcessHeap
GetLocaleInfoA
CompareStringW
CompareStringA
WriteConsoleW
WaitForSingleObject
GetCurrentProcessId
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
GetStringTypeW
GetStringTypeA
GetStdHandle
ExitProcess
HeapReAlloc
VirtualAlloc
VirtualFree
LCMapStringW
LCMapStringA
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
SetEnvironmentVariableA
GetACP
GetCPInfo
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
GetDiskFreeSpaceA
Sleep
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
InitializeCriticalSection
ResumeThread
InterlockedIncrement
CopyFileA
SetFileTime
GetTempPathA
GetTempFileNameA
GetFileTime
GetFileSize
GetFileInformationByHandle
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeleteFileA
SetEvent
WriteConsoleA
CreateEventA
GetTickCount
FreeLibrary
ReadFile
CreateFileA
SetFilePointer
WriteFile
CloseHandle
GetLastError
LoadLibraryA
GetProcAddress
GetConsoleOutputCP

user32

GetCursorPos
SetWindowLongA
IsWindow
DefWindowProcA
GetWindowLongA
PostMessageA
wsprintfA
LoadCursorA
SetCursor
wsprintfW
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
DestroyWindow
UnregisterClassA
RegisterClassA
CreateWindowExA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

GetComputerInfo9x
GetUserInfo9x
IAlloc

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3297e4b706a245829330afc158f2ede2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 175KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 176KB - Virtual size: 175KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 9KB