825355ced31dc1165aa505b7e2b05ecb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

825355ced31dc1165aa505b7e2b05ecb_JaffaCakes118
Size

308KB
MD5

825355ced31dc1165aa505b7e2b05ecb
SHA1

6c96133dfce7a8dcbac8292487a91668caa36246
SHA256

8fe72b0f2c9083fb7aa0255ffbdb8aecbf7682fd39bfa17046c1b733c0ecdd5e
SHA512

b5700d90ebff7bfd3608feaf53ec7ac97f98246b584b027764579a5907bfb1900d91c4acde331e21ff8f07ecd6950b898b72932429af76808f080f82ee1697e1
SSDEEP

6144:Pd+U8xsnrPBGE1rIPf+5RCf5g9xPDLP+UkHVuuUMoFYmLEOmb42W3Lk8:Pd+UJnlGYMW17qUxumXLRR2IL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
825355ced31dc1165aa505b7e2b05ecb_JaffaCakes118

Files

825355ced31dc1165aa505b7e2b05ecb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

100980113ecaa4a80a64fc6722d4cfad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapReAlloc
GetUserDefaultLCID
HeapCreate
GetLastError
ReadConsoleOutputCharacterA
RtlUnwind
GetProcAddress
VirtualQuery
ExitProcess
GetStdHandle
SetLastError
LeaveCriticalSection
LoadLibraryA
TerminateProcess
GetTimeFormatA
FreeEnvironmentStringsA
SetHandleCount
LCMapStringW
IsBadWritePtr
GetCPInfo
QueryPerformanceCounter
HeapSize
MultiByteToWideChar
VirtualProtect
VirtualAlloc
OpenMutexA
OpenEventA
FindFirstFileExW
WriteFile
WideCharToMultiByte
GetTickCount
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
HeapFree
GetVersionExA
TlsSetValue
GetPrivateProfileStructA
GetEnvironmentStrings
GetLocaleInfoW
FreeEnvironmentStringsW
GetCurrentThread
CompareStringA
DebugActiveProcess
LCMapStringA
HeapDestroy
GetSystemInfo
TlsFree
WaitForMultipleObjects
GetCurrentProcessId
DeleteCriticalSection
GetFullPathNameA
GetCommandLineA
GetCurrentProcess
HeapAlloc
GetCurrentThreadId
GetTimeZoneInformation
TlsAlloc
GetModuleHandleA
GetSystemTimeAsFileTime
CompareStringW
VirtualFree
GetDateFormatA
GetModuleFileNameA
GetStringTypeA
CloseHandle
GetOEMCP
SetEnvironmentVariableA
IsValidCodePage
InterlockedExchange
TlsGetValue
GetACP
GetFileType
GetStartupInfoA
GetLocaleInfoA
EnterCriticalSection
UnhandledExceptionFilter
InitializeCriticalSection
GetEnvironmentStringsW

user32

UnregisterDeviceNotification
CallNextHookEx
AttachThreadInput
WindowFromDC
SendDlgItemMessageA
WINNLSGetEnableStatus

gdi32

GetCharWidthFloatA
PtVisible
CreateScalableFontResourceA
GetTextMetricsA
ExtSelectClipRgn
PlayMetaFileRecord
ExtFloodFill
UpdateICMRegKeyW
ExtCreatePen
CreateCompatibleDC
GetEnhMetaFileDescriptionW
GetTextCharset
EnumFontFamiliesExW
EnumObjects
StartDocW
TextOutW
SetViewportOrgEx
GetObjectType
GetStockObject
CreateDCA
GetColorAdjustment
GetAspectRatioFilterEx
SetSystemPaletteUse
PatBlt
FlattenPath

shell32

SHInvokePrinterCommandA
ShellExecuteExA
SHAddToRecentDocs
SHGetFileInfoA
SHGetNewLinkInfo

comdlg32

PageSetupDlgW
ChooseFontW
ChooseFontA
GetFileTitleA

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

100980113ecaa4a80a64fc6722d4cfad

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 8KB - Virtual size: 32KB

.data Size: 171KB - Virtual size: 171KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 8KB - Virtual size: 32KB

.data
Size: 171KB - Virtual size: 171KB

.rsrc
Size: 11KB - Virtual size: 10KB