67dc3b4a2582022b5bc03583069d965e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67dc3b4a2582022b5bc03583069d965e_JaffaCakes118
Size

68KB
MD5

67dc3b4a2582022b5bc03583069d965e
SHA1

298412d6b846520b6f587e721472675dad1b471a
SHA256

4868f21b81c9403909ee1842ce3058ca7411784a5137d8968e76c6b26695f027
SHA512

e8b64e17780b2e8015caea728e88aa379ce548e811640a255574148c7da0750a317998ced1178f92d9b7f6b2e2448d6339ece3c7738f0973d3cc025d2a822675
SSDEEP

768:7RYuWj3+uLjg5HiOty7dU7DJaJzk4PNzNRNeU9P1+7tsvmCuAvtVsL:7RY1BALL7tQPNPaCuAvHsL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67dc3b4a2582022b5bc03583069d965e_JaffaCakes118

Files

67dc3b4a2582022b5bc03583069d965e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a49857eb4061cd9db565bdd3da2bc25

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pncrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
??2@YAPAXI@Z
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
free
_onexit
__dllonexit
time
gmtime
asctime
vsprintf
realloc
malloc
_vsnprintf
strstr
strrchr
_putenv
_itoa
_purecall
??3@YAXPAX@Z
atoi
getenv
printf
sprintf
memmove
_mbctype
strncpy
strchr
_stricmp

kernel32

SetFilePointer
GetStartupInfoA
GetFileAttributesA
GetModuleHandleA
GlobalMemoryStatus
OpenProcess
IsBadWritePtr
VirtualQuery
GetThreadContext
WriteFile
GetCurrentProcessId
CreateFileA
WaitForMultipleObjects
SetEvent
LocalFree
SetErrorMode
ReleaseMutex
CloseHandle
GetLastError
CreateMutexA
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
FreeLibrary
WinExec
OpenMutexA
GetSystemInfo
GetVersionExA
GetVersion
GetCurrentThreadId
CreateThread
GetModuleFileNameA
SetUnhandledExceptionFilter
TerminateThread
WaitForSingleObject
GetCurrentProcess
CreateEventA
MoveFileA
DeleteFileA
SetCurrentDirectoryA
CreateDirectoryA
GetCurrentDirectoryA
SetProcessWorkingSetSize

user32

GetDC
DefWindowProcA
BeginPaint
ReleaseDC
CharNextA
GetSystemMetrics
IsWindow
KillTimer
DestroyMenu
DestroyIcon
GetSubMenu
SetTimer
PostQuitMessage
RegisterWindowMessageA
EndPaint
CreateWindowExA
ShowWindow
FindWindowA
PostMessageA
LoadCursorA
RegisterClassExA
TranslateMessage
UpdateWindow
GetMessageA
DispatchMessageA

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCloseKey
FreeSid
RegEnumKeyExA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueA
RegQueryValueA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA

version

GetFileVersionInfoA
VerQueryValueA

gdi32

GetDeviceCaps

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a49857eb4061cd9db565bdd3da2bc25

Headers

File Characteristics

Imports

pncrt

kernel32

user32

advapi32

version

gdi32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 8KB - Virtual size: 5KB

.text Size: 132KB - Virtual size: 132KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 8KB - Virtual size: 5KB

.text
Size: 132KB - Virtual size: 132KB