6946a89ab3a3d968f9531dd2523d1005_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6946a89ab3a3d968f9531dd2523d1005_JaffaCakes118
Size

265KB
MD5

6946a89ab3a3d968f9531dd2523d1005
SHA1

66f3106128a90327023d5c0a586171b631f4856a
SHA256

41bd16e8e72aad79e6b64d241082ac74a2575079f9109d9cb9a58e8f06566118
SHA512

6940a34341242a824a71d138f1e67595b92f04bfe2e5eaabcd8ad2723639876328ee4f34e814e18ae9bd740d3ec278a5a21dfa4106935b1cd5edccab0d2d0223
SSDEEP

6144:cvrKwvZRH/TkPL1VwpGbwOxE/hGqEkwzq9+M:cvrKwvP/iL1VwJa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6946a89ab3a3d968f9531dd2523d1005_JaffaCakes118

Files

6946a89ab3a3d968f9531dd2523d1005_JaffaCakes118
.exe windows:5 windows x86 arch:x86

05cd8ef54643769374eff478298b4b4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegSetValueExW
RegQueryValueExW

msvcrt

_initterm
time
__getmainargs
exit
__p__commode
_except_handler3
_c_exit

gdi32

DeleteDC
SelectObject
CreatePen
SetRectRgn
TextOutW
CreateICW
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
DialogBoxParamW
GetDesktopWindow
LoadBitmapW
GetSysColor
SystemParametersInfoW
EnableMenuItem
GetDlgItem
KillTimer
GetSystemMetrics
GetDC
UpdateWindow
IsIconic
WinHelpW
EndPaint
GetWindowRect
LoadCursorW
DispatchMessageW

kernel32

GetSystemTimes
GetNamedPipeHandleStateA
CreateNamedPipeA
HeapLock
HeapFree
HeapAlloc
OpenThread
VirtualAllocEx
UnmapViewOfFile
SetEnvironmentVariableA
GetSystemDefaultLangID
EnumSystemLocalesA
SetThreadAffinityMask
EnumSystemLanguageGroupsA
PostQueuedCompletionStatus
GetSystemTimeAdjustment
InitializeCriticalSection
CreateMutexA
GetStringTypeExA
GetThreadContext
GetCurrentProcessId
ResetEvent
InterlockedExchangeAdd
lstrlenW
SetThreadIdealProcessor
InterlockedPopEntrySList
HeapUnlock
TryEnterCriticalSection
HeapQueryInformation
SetThreadPriority
RtlMoveMemory
GetTickCount
GetCurrentDirectoryA
GetSystemTimeAsFileTime
GetQueuedCompletionStatus
CopyFileA
FreeEnvironmentStringsA
RtlZeroMemory
SetFilePointer
CreateFileA
GetSystemDefaultLCID
WaitForMultipleObjects
ExitThread
HeapWalk
EnterCriticalSection
InterlockedFlushSList
GetFileTime
CloseHandle
HeapValidate
WriteFile
CreateFileMappingA
WaitForSingleObjectEx
EnumLanguageGroupLocalesA
GetSystemTime
CreateIoCompletionPort
HeapDestroy
GetThreadPriorityBoost
GetCurrentProcess
ReadFile
SetCurrentDirectoryA
LeaveCriticalSection
RtlFillMemory
ConvertDefaultLocale
GetUserDefaultLangID
lstrcatW
InterlockedIncrement
SetThreadPriorityBoost
GetEnvironmentStringsA
HeapCreate
WaitForMultipleObjectsEx
CreateThread
MapViewOfFile
InterlockedPushEntrySList
FileTimeToLocalFileTime
InterlockedDecrement
GetEnvironmentVariableA
ConnectNamedPipe
FileTimeToSystemTime
TerminateThread
SetNamedPipeHandleState
SleepEx
SetThreadContext

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05cd8ef54643769374eff478298b4b4f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

gdi32

user32

kernel32

Sections

.text Size: 171KB - Virtual size: 171KB

.data Size: 76KB - Virtual size: 76KB

.rsrc Size: 17KB - Virtual size: 548KB

.text
Size: 171KB - Virtual size: 171KB

.data
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 17KB - Virtual size: 548KB