788c409ad98d85eb3137373fdb4d9f36_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

788c409ad98d85eb3137373fdb4d9f36_JaffaCakes118
Size

869KB
MD5

788c409ad98d85eb3137373fdb4d9f36
SHA1

37c55a46659beb8d2b19df0ce0662f80e54a5b5e
SHA256

591979ebe26857b875090cde2256c726fba8602bb81660a339d8e78baae0853f
SHA512

13963676b7c1d9f709bc4c1fe237ab933006d05d8564238b3c525d43370039c28828dda24fab8258c627f147ef973ca0661394821669c40bc28be931f5f783bd
SSDEEP

24576:tfKRxNISe3qfJq7KTY0eKKroE+XN52QSl:tfKn+xekrO32fl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
788c409ad98d85eb3137373fdb4d9f36_JaffaCakes118

Files

788c409ad98d85eb3137373fdb4d9f36_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e2e6a3b3d848a7e4ac8b60056cb76de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

LoadTypeLibEx
QueryPathOfRegTypeLi
VariantCopy
SafeArrayPutElement
VariantChangeType
SysAllocStringLen

user32

SetCaretBlinkTime
UnloadKeyboardLayout
GetUpdateRgn
LoadImageA
GetMonitorInfoW
SetWindowsHookExW
CharUpperW
GetWindowPlacement
CharUpperBuffW
BroadcastSystemMessageW
LoadKeyboardLayoutA
GetClientRect
GrayStringW
MenuItemFromPoint
OpenInputDesktop

advapi32

LookupPrivilegeValueA
RegSetValueW
RegEnumKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorLength

ole32

CoLockObjectExternal
CoCreateInstanceEx

version

GetFileVersionInfoA

kernel32

GetHandleInformation
WriteConsoleOutputCharacterA
PrepareTape
DuplicateHandle
IsBadReadPtr
SetNamedPipeHandleState
EraseTape
GetShortPathNameW
ExitThread
ConnectNamedPipe
CreatePipe
LocalAlloc
EnumCalendarInfoA
MoveFileExA
RemoveDirectoryA
ReleaseMutex
PurgeComm
CreateDirectoryW
GetShortPathNameA
GlobalReAlloc
SetThreadAffinityMask
GetWindowsDirectoryA
_lread
GetTempPathW
SetVolumeLabelA
FindFirstFileA
SetFileAttributesA
ExitProcess
SetLastError
OpenMutexA
GetNumberFormatW
GetCommModemStatus
FindNextChangeNotification
lstrcpyA
SetFileTime
GetUserDefaultLCID
GetSystemDefaultLangID
SetThreadLocale
ReadFile
GlobalAddAtomA

msvcrt

localtime
_eof
fread
_wtoi
_wfsopen
_beginthread
_mbsnbcnt
fseek
wcstoul
_fsopen
wcscoll
fscanf
wcscat
strerror
perror
_strcmpi
_sleep
wcsncat
_i64tow
wcsncpy
_wmakepath
wctomb
vprintf
fwscanf
_mbsnbcat

Sections

.text
Size: 2KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e2e6a3b3d848a7e4ac8b60056cb76de

Headers

File Characteristics

Imports

oleaut32

user32

advapi32

ole32

version

kernel32

msvcrt

Sections

.text Size: 2KB - Virtual size: 218KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 612KB - Virtual size: 612KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 218KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 612KB - Virtual size: 612KB

.rsrc
Size: 17KB - Virtual size: 16KB