781627aa547d63ab7a2905b86f5819d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

781627aa547d63ab7a2905b86f5819d8_JaffaCakes118
Size

164KB
MD5

781627aa547d63ab7a2905b86f5819d8
SHA1

8a509c9a2735e96856ca54b08ee54a6ab40e345b
SHA256

f4db2449641bdc1006d773aa7a0fe3d652cdce66458227027a5ad99d5704b1ef
SHA512

40c6728724368d52aee4736fb671fd229cd1fa300930ba38236998e6bf2ceff5d2fd2d2f1d3bc2d509501cb9f863c828e75baf43e833c22a825eb4144f0e58d0
SSDEEP

3072:shi88+j9BOzVlaI5H0E+0q2Xk942+nDOkKG9xpFarw8qgjXhanQOygfMuVDkj4Fz:shi88+RB2VlXl+0qK2KOkdxpMJ9SMIEn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
781627aa547d63ab7a2905b86f5819d8_JaffaCakes118

Files

781627aa547d63ab7a2905b86f5819d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53447f8f924893aadc1e1e6fa7d31951

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

user32

CharUpperA
GetKeyState
CharNextA
wsprintfW
wsprintfA
MessageBoxA
CharLowerA

kernel32

LoadLibraryW
FreeEnvironmentStringsA
HeapDestroy
GlobalFree
lstrcmpA
GetTempPathW
IsDBCSLeadByte
GetThreadIOPendingFlag
WriteFile
GetModuleFileNameA
GetThreadPriority
UnmapViewOfFile
GetCommandLineA
GetProcAddress
CreateMutexA
FreeLibrary
MapViewOfFile
WaitForSingleObject
GetFileType
GetCPInfo
CompareStringA
GetStringTypeA
GetDiskFreeSpaceExA
FlushFileBuffers
CompareStringW
TransmitCommChar
CreateFileMappingA
GlobalUnlock
GetTempFileNameA
CreateSemaphoreA
GetCurrentProcess
HeapFree
LCMapStringW
MultiByteToWideChar
GetEnvironmentVariableA
lstrcpyA
IsBadCodePtr
ExitThread
HeapCreate
SetHandleCount
LeaveCriticalSection
GetSystemTime
HeapReAlloc
GetFullPathNameW
EnterCriticalSection
InterlockedExchange
RtlUnwind
OutputDebugStringA
TerminateProcess
GetStringTypeW
EnumResourceNamesW
DeleteCriticalSection
GetStdHandle
FileTimeToSystemTime
TlsGetValue
lstrcmpW
TlsSetValue
GetPrivateProfileStringA
TlsFree
LCMapStringA
HeapSize
ExitProcess
TlsAlloc
IsBadReadPtr
GetTempPathA
ExitProcess
HeapAlloc
GetPriorityClass
GetEnvironmentStringsW
SetEvent
CloseHandle
SetPriorityClass
ResetEvent
GetUserDefaultLCID
GetEnvironmentStrings
InitializeCriticalSection
GetFullPathNameA
ReleaseSemaphore
FreeEnvironmentStringsW
Sleep
GetModuleHandleA
GetCurrentThreadId
FileTimeToLocalFileTime
IsBadWritePtr
CreateFileW
SetUnhandledExceptionFilter
GetOEMCP
SetStdHandle
GetACP
SetEndOfFile
CreateThread
UnhandledExceptionFilter
GetStartupInfoA
SetLastError
InterlockedIncrement
WritePrivateProfileStringA
GetTimeZoneInformation
GetLastError
GlobalAlloc
LoadLibraryA
RaiseException
WideCharToMultiByte
GetTickCount
InterlockedDecrement
SetEnvironmentVariableA

shlwapi

PathAddBackslashA

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53447f8f924893aadc1e1e6fa7d31951

Headers

File Characteristics

Imports

advapi32

user32

kernel32

shlwapi

msimg32

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 25KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 25KB

.crt
Size: 512B - Virtual size: 72KB