68be6f48786586a7f5b0b6409fe10309_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68be6f48786586a7f5b0b6409fe10309_JaffaCakes118
Size

165KB
MD5

68be6f48786586a7f5b0b6409fe10309
SHA1

9c0ae25d8ced485594cb900ffb4310e15491d38d
SHA256

459f55eaca4fd2d94c4ec0dfdba1c5fce4813cd756937aeeec047ac11ce98c27
SHA512

aa9895a72e48a8dff61672c7ca3ce2e69636e8e6e926e9a6c53f3f8a6d12180ba66817b07aa913ea71b57c192602ca588d6a001f14b4619bab00a1d1ed5d3d50
SSDEEP

3072:+EQ0CnSAIT7MnAUnHXByXs3Gq4gU6gXCWVl6VG8vIUUYr9hZoI9rj4t:fC8TYnAUnHXByifRUbXCId8mA9hfct

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68be6f48786586a7f5b0b6409fe10309_JaffaCakes118

Files

68be6f48786586a7f5b0b6409fe10309_JaffaCakes118
.exe windows:4 windows x86 arch:x86

68a2465e3dbed4cd10807b390951bc2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCloseKey
RegQueryInfoKeyA

kernel32

TlsFree
HeapSize
GetStringTypeA
IsDBCSLeadByte
lstrcpynA
GetCPInfo
SetHandleInformation
LoadLibraryExA
GetStdHandle
VirtualQuery
GetLastError
GetOEMCP
lstrlenW
RaiseException
LCMapStringW
GetProcessHeap
GetProcAddress
GetThreadLocale
DeleteCriticalSection
TransmitCommChar
GetModuleHandleA
DisableThreadLibraryCalls
EnterCriticalSection
MulDiv
SetHandleCount
FlushInstructionCache
HeapCreate
VirtualProtect
SizeofResource
InterlockedExchange
GetVersionExA
VirtualFree
HeapAlloc
lstrlenA
FreeEnvironmentStringsA
CloseHandle
LeaveCriticalSection
SetStdHandle
GetSystemTimeAsFileTime
ExitProcess
MultiByteToWideChar
GetLocaleInfoA
lstrcpyA
FlushFileBuffers
GetCurrentProcessId
GetSystemInfo
GetModuleFileNameA
EnumResourceNamesW
TlsGetValue
SetLastError
GetFileType
FindResourceA
QueryPerformanceCounter
UnhandledExceptionFilter
LoadResource
GetEnvironmentStringsW
IsBadReadPtr
GetStringTypeW
InitializeCriticalSection
RtlUnwind
LoadLibraryA
TerminateProcess
IsBadCodePtr
HeapDestroy
TlsAlloc
GetCommandLineA
LCMapStringA
InterlockedDecrement
FreeEnvironmentStringsW
ExitProcess
TlsSetValue
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
FreeLibrary
VirtualAlloc
lstrcatA
SetFilePointer
GetEnvironmentStrings
InterlockedIncrement
lstrcmpiA
WriteFile
GetStartupInfoA
WideCharToMultiByte
HeapReAlloc
GetACP
IsBadWritePtr
GetCurrentProcess
LockResource
HeapFree

user32

CreateDialogParamA
ReleaseDC
SetDlgItemTextA
DestroyWindow
EnableWindow
GetDlgItemTextA
IsDialogMessageA
MoveWindow
WinHelpA
GetDialogBaseUnits
SendMessageA
SetWindowLongA
GetDC
IsDlgButtonChecked
CheckDlgButton
UnregisterClassA
IsWindow
GetDlgItem
ShowWindow
CharNextA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc

gdi32

SelectObject
GetDeviceCaps
GetTextMetricsA
DeleteObject
GetTextExtentPointA
CreateFontIndirectA

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFindExtensionA

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

68a2465e3dbed4cd10807b390951bc2f

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

gdi32

msimg32

shlwapi

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 46KB - Virtual size: 45KB

.crt Size: 512B - Virtual size: 64KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 46KB - Virtual size: 45KB

.crt
Size: 512B - Virtual size: 64KB