736d2019dbf6833e12e78214ed88686c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

736d2019dbf6833e12e78214ed88686c_JaffaCakes118
Size

108KB
MD5

736d2019dbf6833e12e78214ed88686c
SHA1

181f89642903e48d6e8224cca1c1a55ff0b671f1
SHA256

2d17bb196079d4d7c58a00e2a7434ad4367fe97079404acc8daba3182efce31e
SHA512

c122511540ec08d252f0dc60181a1ec93d042386c8cb88712b496e3c8cb17a2289185ced8092405218189f9852a961091f05322ce933000f9cddd084849851a4
SSDEEP

1536:hXZiIGdY/VMYBeIWNtluQDXg+DTg/SvEa3VOEvUB3jvXktO:hXZtD/VMjhN3rgApsa3bvUB3jk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
736d2019dbf6833e12e78214ed88686c_JaffaCakes118

Files

736d2019dbf6833e12e78214ed88686c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e96438c01c6b8a922a0cbbafac2dbf0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
malloc
free
strlen
strcpy
fprintf
strcmp
_strnicmp
strncmp
strncpy
_strdup
sprintf
atof
memmove
strcat
memcpy
_CIlog
_CIlog10
_CIpow
floor
ceil
_CIacos
_CIasin
_CIatan

kernel32

GetModuleHandleA
HeapCreate
GetDriveTypeA
GetSystemDirectoryA
HeapDestroy
ExitProcess
LocalFree
LocalAlloc
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
DeleteCriticalSection
TerminateThread
GetCurrentThreadId
Sleep
HeapAlloc
HeapFree
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
SetUnhandledExceptionFilter
GetTickCount
HeapSize
HeapReAlloc
CopyFileA
SetFileAttributesA
WriteFile
CreateFileA
ReadFile
GetFileSize
SetFilePointer
SetConsoleMode
ReadConsoleA
GetLastError
WriteConsoleA
GetNumberOfConsoleInputEvents
ReadConsoleInputA

comctl32

InitCommonControls

user32

CharLowerA
CharUpperA
MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

shlwapi

StrDupA

ole32

CoInitialize

shell32

ShellExecuteExA

Sections

.code
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e96438c01c6b8a922a0cbbafac2dbf0

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

user32

advapi32

shlwapi

ole32

shell32

Sections

.code Size: 69KB - Virtual size: 68KB

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 700B

.code
Size: 69KB - Virtual size: 68KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 700B