705ba3900ce140a17807473755db5e45_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

705ba3900ce140a17807473755db5e45_JaffaCakes118
Size

3.9MB
MD5

705ba3900ce140a17807473755db5e45
SHA1

f126ba177ec2d5106fc3059dc6518560ccb68ea0
SHA256

f638e3304cab7283971368f36159cc6eac0d2f81485290fe00f8e51b68768823
SHA512

4c0fdc780aaefcf79cc0a5a16c2a29e45385d0203f83428c5cb6b3640726cc8e82350fb6a8e16f8c83d07cca42057064c0c8c89aa05f846354270b47a9f5f4ab
SSDEEP

49152:FSvDMr91WNm5RKJKK1jTZ33C3QocxINLwSpO2pPjZR4FkdB/P:5r9kmTlEjTZ33+1xvpOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
705ba3900ce140a17807473755db5e45_JaffaCakes118

Files

705ba3900ce140a17807473755db5e45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

389cc1d7131b0207bd598ca8dd4aa492

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
malloc
free
memmove
modf
_CIpow
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
_ftol
atoi
strtod
floor
_strnicmp

kernel32

GetEnvironmentVariableA
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileA
SetUnhandledExceptionFilter
GetModuleHandleA
OpenEventA
CreateEventA
SetHandleCount
SetErrorMode
GetTempPathA
LocalSize
RtlMoveMemory
CreatePipe
GetStartupInfoA
CreateProcessA
GetThreadContext
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
GetPrivateProfileStringA
WaitForSingleObject
CloseHandle
ReadFile
ResumeThread
TerminateProcess
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileSectionNamesA

gdi32

DeleteObject
SetBkMode
SetTextColor
SelectObject
CreateDIBitmap
CreateSolidBrush
CreatePatternBrush

user32

DialogBoxParamA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
SetWindowTextA
SetPropA
EndDialog
GetPropA
BeginPaint
GetClientRect
FillRect
EndPaint
ScreenToClient
SetForegroundWindow
TrackPopupMenu
GetFocus
GetWindowRect
GetParent
MoveWindow
SetWindowLongA
TrackMouseEvent
GetSubMenu
CallWindowProcA
CreateWindowExA
SetWindowPos
RegisterHotKey
GetWindowTextLengthA
GetWindowTextA
ShowWindow
EnableWindow
SetMenuItemInfoA
SetFocus
MessageBoxA
wsprintfA
GetCursorPos
SetCursor
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadMenuA
LoadCursorA
LoadBitmapA
SetClassLongA
LoadIconA

shell32

ShellExecuteA

ntdll

ZwUnmapViewOfSection

shlwapi

PathFileExistsA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.8MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

389cc1d7131b0207bd598ca8dd4aa492

Headers

File Characteristics

Imports

msvcrt

kernel32

gdi32

user32

shell32

ntdll

shlwapi

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3.8MB - Virtual size: 3.9MB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3.8MB - Virtual size: 3.9MB

.rsrc
Size: 24KB - Virtual size: 21KB