76a3e230723c77be348bea83216b4f0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76a3e230723c77be348bea83216b4f0d_JaffaCakes118
Size

315KB
MD5

76a3e230723c77be348bea83216b4f0d
SHA1

df620d74c7f5392dda38a2807e5fad9210196a71
SHA256

d6e61592f00f28d11c8a5b1e070b908bfad70db7c21b11c11fecae384c14c78f
SHA512

6ac372e9e5387b385aa9076ab1ff437443541bf24cc600e0fc90cc25e9d40e50268d4da515cf633c4f63b7932d409fb666512f75e44ced7c5b5639a40b823680
SSDEEP

6144:9XWfqcduA2nEZ4Iu2zcC3Nd88jCZ8Gx50Q:9AXcgJ3Nd88hGf0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76a3e230723c77be348bea83216b4f0d_JaffaCakes118

Files

76a3e230723c77be348bea83216b4f0d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1e04d7eeefacc2b9d5441fd7672b0ed3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
lstrcpyA
GetCurrentThreadId
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
lstrcmpA
GetTempPathA
GetLastError
ExitProcess
VirtualAlloc
GlobalAlloc
FreeLibrary
LoadLibraryA
VirtualQueryEx
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
lstrlenA
VirtualFree
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapAlloc
IsValidCodePage
OpenProcess
GetModuleHandleA
GetProcAddress
ResumeThread
FindAtomA
GetCommandLineA
GetStartupInfoA
RtlUnwind
VirtualQuery
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP

user32

GetWindowRect
GetCursorPos
GetFocus
EqualRect
wsprintfA
IsWindowVisible
OpenInputDesktop
GetThreadDesktop
SetThreadDesktop
FindWindowA
GetWindowThreadProcessId
ClientToScreen
CloseDesktop
InflateRect

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA

gdi32

GetBkColor
GetBkMode

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e04d7eeefacc2b9d5441fd7672b0ed3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

advapi32

gdi32

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 268KB - Virtual size: 271KB

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 268KB - Virtual size: 271KB