74d9c8d320dd05f4f1946e1ec8e862d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74d9c8d320dd05f4f1946e1ec8e862d4_JaffaCakes118
Size

5.8MB
MD5

74d9c8d320dd05f4f1946e1ec8e862d4
SHA1

a50aee08a6cf7048d318271470b1389e24544cc4
SHA256

805b85485c443faebe52f102969a041a12e6bc0472a262f19a162eb80eae75b0
SHA512

d52cbb8a008b1c5b513cb67e46908eb96969c1d770d1f7aedf19ccbab62990fe477173ed106956934ade35a23fc43b47980a51ca6e22b66cf261d0dda3436b20
SSDEEP

3072:MAu3B8WtlRBZh7pywgmMltOv3+xt/S4TUV26s:MZ8QlRJppgmMltOvOxtTUw6s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74d9c8d320dd05f4f1946e1ec8e862d4_JaffaCakes118

Files

74d9c8d320dd05f4f1946e1ec8e862d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ef6cf1518920166054ea1aa6abdd66f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_SetBkColor
ImageList_EndDrag
ImageList_SetOverlayImage
ImageList_BeginDrag

user32

TabbedTextOutW
GetAncestor
GetWindowTextA
LoadMenuIndirectW
CreateAcceleratorTableW
DefFrameProcW
CloseDesktop
SendMessageCallbackW
ShowCaret
DestroyCursor
TranslateMessage
GetSystemMenu
FillRect
GetMessageExtraInfo
SetClassLongA
RegisterWindowMessageW
UnregisterClassA
keybd_event
RegisterClassExW
SetWindowPos
CopyRect

oleaut32

SysStringLen
SafeArrayUnaccessData
SysFreeString
SafeArrayPutElement
VariantChangeType

kernel32

CompareStringA
LeaveCriticalSection
FreeResource
SetThreadPriorityBoost
SetHandleCount
ExitProcess
GetSystemTimeAdjustment
DeleteFiber
SetMailslotInfo
GetThreadPriority
SetVolumeLabelA
GetUserDefaultLangID
GetProfileStringA
GetCommandLineW
SetEnvironmentVariableA
GetModuleHandleA
DebugBreak
ScrollConsoleScreenBufferA
PurgeComm
GlobalAddAtomW
GetCPInfo
AllocConsole
DeleteCriticalSection
WritePrivateProfileStructA
IsDBCSLeadByteEx
GetSystemDefaultLangID
FindFirstFileW
CloseHandle
LocalFileTimeToFileTime
GetCommModemStatus
ConnectNamedPipe
OutputDebugStringW
LocalAlloc
GlobalGetAtomNameW
OpenMutexA
FlushConsoleInputBuffer
WriteProcessMemory
SetThreadLocale
SetCommTimeouts
CreateMutexA
SetEnvironmentVariableW
SetTimeZoneInformation
SetConsoleCursorPosition
WritePrivateProfileSectionA
GlobalFindAtomA
GetEnvironmentVariableW
CreateFileW
FillConsoleOutputCharacterA
ReadConsoleOutputA
GetStringTypeExW
GetFileInformationByHandle
LoadLibraryExW
GetDateFormatA
GetProfileIntA
SetConsoleOutputCP
FreeLibraryAndExitThread
EnumSystemCodePagesW
SuspendThread

ws2_32

WSAGetServiceClassNameByClassIdW
WSASetLastError
WSAAsyncGetProtoByNumber
WSALookupServiceEnd
WSASendDisconnect
WSAAddressToStringW
accept
recv

advapi32

GetNamedSecurityInfoW
CryptSignHashW
RegRestoreKeyW
OpenServiceA
RegQueryValueExA
CryptDestroyHash
GetSecurityInfo
CryptImportKey
RegSetValueExA
CryptGetKeyParam
CryptHashData
CloseEventLog
IsTextUnicode
MakeSelfRelativeSD
RegisterServiceCtrlHandlerW
SetSecurityDescriptorSacl
ClearEventLogW
RegConnectRegistryA
RegOpenKeyA
DestroyPrivateObjectSecurity
StartServiceA

Sections

.text
Size: 19KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ef6cf1518920166054ea1aa6abdd66f

Headers

File Characteristics

Imports

comctl32

user32

oleaut32

kernel32

ws2_32

advapi32

Sections

.text Size: 19KB - Virtual size: 271KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 5.5MB - Virtual size: 5.5MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 19KB - Virtual size: 271KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 5.5MB - Virtual size: 5.5MB

.rsrc
Size: 17KB - Virtual size: 16KB