748aac73307bca321cfad59e2913c12e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

748aac73307bca321cfad59e2913c12e_JaffaCakes118
Size

143KB
MD5

748aac73307bca321cfad59e2913c12e
SHA1

0e4e09d409047e515b9fdc02a8a9d866e7c33c73
SHA256

0efe65fde17c38c2ec1abda4fc85f739808b954d49ce3cbb97ed6b4c932b0b27
SHA512

fa0a6f3f8ddb45169b07bfd180425370c3d1b0710db1de69073875e5af3f48982aad09b89ae03a32de3d1aea9008f256d76255987df606d1dd89f218952ab95e
SSDEEP

3072:XjMepDwAE1cPODkhGRoch227MBQUG4kDhkmX:XjMet9EyOwCp2S+JW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
748aac73307bca321cfad59e2913c12e_JaffaCakes118

Files

748aac73307bca321cfad59e2913c12e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2be2dbf064d3b71d26f35f0429c80189

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
CreateFileW
lstrcmpW
CreateEventW
DeleteCriticalSection
LoadLibraryW
HeapReAlloc
WritePrivateProfileSectionA
GlobalAlloc
GetProcAddress
GetProcessHeap
GetTempPathA
SetHandleCount
VirtualProtect
VirtualFree
GlobalSize
WaitForSingleObject
GetDriveTypeW
WritePrivateProfileSectionW
SetErrorMode
GetNumberFormatW
CreateEventA
LocalFileTimeToFileTime
lstrcpyW
GetComputerNameA
SystemTimeToFileTime
GetModuleHandleA
ExitThread
ReleaseMutex
DeleteFileW
OutputDebugStringW
GetVersionExA
FormatMessageW

msvcrt

_exit
memmove
strerror
rand
_controlfp
_CxxThrowException
wcstok
_onexit
_wcmdln
fprintf
malloc
__setusermatherr
wcsrchr
memset
_wcsnicmp
exit

user32

UnregisterClassW
CopyRect
RegisterWindowMessageW
SetDlgItemInt
DrawTextW
DrawEdge
GetMessageW
IntersectRect
SystemParametersInfoA
GetProcessWindowStation
GetSystemMenu
RegisterClassW
LoadCursorW
MsgWaitForMultipleObjects
FrameRect
SetWindowTextA
CreateDialogParamW
FillRect
PostThreadMessageW
IsWindowEnabled
PostMessageW
DefDlgProcW
wsprintfA
EnableWindow
SendDlgItemMessageW

gdi32

CreateRoundRectRgn
Rectangle
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
GetObjectA
ExtTextOutW
CreateCompatibleBitmap
GetTextMetricsW
SelectPalette
GetTextExtentPointW
RealizePalette
SetStretchBltMode
GetRegionData
CreatePen
StretchBlt
SetTextAlign
SetWindowExtEx
CreateBitmap
MoveToEx

tapi32

lineAddProviderW
tapiRequestMediaCallA
phoneGetLamp
MMCInitialize
lineGetIDW
lineSetAgentMeasurementPeriod
phoneShutdown
lineCompleteCall

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2be2dbf064d3b71d26f35f0429c80189

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 36B

.data Size: 51KB - Virtual size: 51KB

.edata Size: 39KB - Virtual size: 38KB

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 138B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 36B

.data
Size: 51KB - Virtual size: 51KB

.edata
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 138B