820ca9371a953fca6d3be3f6b53ba86c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

820ca9371a953fca6d3be3f6b53ba86c_JaffaCakes118
Size

436KB
MD5

820ca9371a953fca6d3be3f6b53ba86c
SHA1

f2f4eca9cb566668b9d34b4ec01f7191caca4cec
SHA256

7af0456cb12443642b9326ebd63ba3493ebaa85b45e1ef36c84ed9c6accad53d
SHA512

f9398bb92a1fc5871cae50998da526f1eff707bcde57d305afa396731f49ceffd463765db4bf4f83ace4ff1d62554a44be3798ca5ed8c67645c4570d953648c1
SSDEEP

12288:4SzX1Uv44/3K8ZeyFz5o2bw7ZKZh+Kf63khP:4SzX1Uwk3h7tegw1OEUhP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
820ca9371a953fca6d3be3f6b53ba86c_JaffaCakes118

Files

820ca9371a953fca6d3be3f6b53ba86c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

223dd38d26c56e4d15fded9502371863

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetCharacterPlacementA
PolyPolygon
Arc
Ellipse
SetBkMode
CreateColorSpaceA
SetColorSpace
GetCharABCWidthsFloatA
GetEnhMetaFileBits
AbortDoc
SetICMProfileA
CreateDIBitmap

comdlg32

FindTextW
ReplaceTextA

shell32

DoEnvironmentSubstW
SHGetDesktopFolder
RealShellExecuteW
SheChangeDirExW
SHQueryRecycleBinA

user32

RegisterClipboardFormatA
UnregisterClassA
GetPriorityClipboardFormat
GetWindowContextHelpId
GetClipboardSequenceNumber
SendMessageA
IsCharLowerW
CreateWindowExA
InsertMenuItemA
GetTitleBarInfo
MessageBoxA

kernel32

GetFileType
InterlockedIncrement
GetDateFormatA
HeapAlloc
GetThreadTimes
UnhandledExceptionFilter
RemoveDirectoryW
SetCurrentDirectoryW
GetCommandLineA
WideCharToMultiByte
GetStartupInfoW
LeaveCriticalSection
TlsSetValue
InitializeCriticalSection
GetCurrentProcessId
GetModuleHandleW
EnumSystemLocalesW
SetThreadLocale
GetStringTypeA
HeapDestroy
SetEnvironmentVariableA
FreeEnvironmentStringsW
TlsGetValue
GetOEMCP
GetLastError
GetCPInfo
EnumTimeFormatsA
QueryPerformanceCounter
TlsFree
EnumSystemLocalesA
GetACP
TerminateProcess
InterlockedDecrement
EnterCriticalSection
lstrlen
GetCurrentThreadId
LCMapStringA
GetModuleFileNameW
IsDebuggerPresent
GetProcAddress
GetTickCount
ExitProcess
GetEnvironmentStringsW
GetConsoleCP
SetLastError
GetSystemTimeAsFileTime
IsValidLocale
HeapCreate
GetModuleFileNameA
InterlockedExchange
GetPrivateProfileSectionW
GetStringTypeW
LCMapStringW
RtlUnwind
SetLocaleInfoW
LoadLibraryA
GetCommandLineW
GetLocaleInfoW
GetTimeZoneInformation
TlsAlloc
CreateEventW
GetStdHandle
CompareStringA
GetStartupInfoA
HeapFree
GetPrivateProfileSectionNamesW
GetModuleHandleA
IsValidCodePage
WritePrivateProfileSectionA
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
GetLocaleInfoA
WriteFile
CompareStringW
GetEnvironmentStrings
DeleteCriticalSection
SetUnhandledExceptionFilter
GetVolumeInformationA
GlobalCompact
VirtualFree
GetTimeFormatA
DosDateTimeToFileTime
GetCurrentThread
HeapSize
MultiByteToWideChar
VirtualQuery
GetUserDefaultLCID
HeapReAlloc
SetConsoleCtrlHandler
VirtualAlloc
FreeLibrary
GetTempFileNameW
Sleep

advapi32

LookupPrivilegeValueW
CryptHashSessionKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

223dd38d26c56e4d15fded9502371863

Headers

File Characteristics

Imports

gdi32

comdlg32

shell32

user32

kernel32

advapi32

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 9KB - Virtual size: 16KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 9KB - Virtual size: 16KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 13KB - Virtual size: 13KB