74949457d8e913f2bfad943ee93cc2a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74949457d8e913f2bfad943ee93cc2a6_JaffaCakes118
Size

384KB
MD5

74949457d8e913f2bfad943ee93cc2a6
SHA1

82f84564c103d8db80d4b6dd9a571a377aa77f0d
SHA256

a962963ba80dafd27428795f54855ad8faef51c4517211479e387dcb5d97e800
SHA512

0b343c4df64a69fca46f9741e2f1bde19080fc10f7bd0525609e7d045d894688aa95edb7734b6e4910e7dc651a3fbb1c73188ea59ec10e72025ce7ec31b8a9ef
SSDEEP

6144:rm0bTr/8Ww4KxEzQKdLR4aB3EUJFp9L3cctC7jDuoWICAZfkkha7aSfaQ6g:rm0bTrBwQkKdLzB315U7YICIjhawQT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74949457d8e913f2bfad943ee93cc2a6_JaffaCakes118

Files

74949457d8e913f2bfad943ee93cc2a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

843d30db17f526aeb5397b7fb5569b13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetCommandLineW
SetEndOfFile
FindResourceW
SetLastError
GetDriveTypeA
lstrcmpiW
GlobalAlloc
QueryPerformanceCounter
FreeEnvironmentStringsW
GetLocalTime
CreateFileMappingW
SetErrorMode
InterlockedCompareExchange
GetFileType
GetOEMCP
WaitForMultipleObjects
GetConsoleMode
GetFileAttributesW
GetTickCount
LoadLibraryExA
DeleteFileW
HeapDestroy
MapViewOfFile
GetCurrentDirectoryW
ResumeThread
RaiseException
GetThreadLocale
UnhandledExceptionFilter
InterlockedDecrement
GetThreadPriority
GetCurrentThreadId
LocalAlloc
GetLastError
GetProcessHeap
GetFileAttributesA
UnmapViewOfFile
HeapSize
VirtualAlloc
GetCurrentProcess
GetVersion
InitializeCriticalSection
GetModuleHandleW
GetComputerNameW
OpenEventA
GetVersionExW
TlsGetValue
CompareStringA
GetExitCodeThread
VirtualProtect
FindResourceA
ExpandEnvironmentStringsW
GetCurrentThread
GetCurrentProcessId

msvcrt

malloc
??0exception@@QAE@ABV0@@Z
realloc
__p__osver
sprintf
_wtol
__pioinfo
strtok
_finite
_ftol
rand
fprintf
_isatty
_access
__getmainargs
wcsspn
fwrite
__p__fmode
_ltoa
ctime
_stat
_chsize
exit
_lock
_initterm
fclose
_rotr
iswdigit
strncpy
fseek
_commit
srand

user32

FillRect
GetClassNameW
GetSysColor
GetDlgCtrlID
KillTimer
InsertMenuA
TrackPopupMenu
RegisterClipboardFormatW
GetDlgItemTextA
SetFocus
UnregisterClassA
GetSysColorBrush
EnableWindow
CheckRadioButton
GetCursorPos
DialogBoxParamA
ExitWindowsEx
GetWindowRect
IsWindowEnabled
RegisterWindowMessageA
RegisterClassA
GetDC
EnumChildWindows
SetWindowTextA
IsDlgButtonChecked
CharPrevW
PostQuitMessage
GetWindow
DrawTextA
MessageBeep
UpdateWindow
GetFocus
SetWindowLongW
SetMenu
GetWindowTextW
CharUpperA
GetMenu
SetWindowRgn
CharUpperW
LoadStringA
GetClientRect
ShowWindow
MessageBoxW
GetDesktopWindow
CreateWindowExW
GetActiveWindow
LoadCursorW

Sections

.text
Size: 246KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textbss
Size: 512B - Virtual size: 143B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbss
Size: 512B - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

843d30db17f526aeb5397b7fb5569b13

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 246KB - Virtual size: 245KB

.textbss Size: 512B - Virtual size: 143B

.textbss Size: 512B - Virtual size: 51KB

BSS Size: 512B - Virtual size: 409B

.rsrc Size: 135KB - Virtual size: 135KB

.text
Size: 246KB - Virtual size: 245KB

.textbss
Size: 512B - Virtual size: 143B

.textbss
Size: 512B - Virtual size: 51KB

BSS
Size: 512B - Virtual size: 409B

.rsrc
Size: 135KB - Virtual size: 135KB