851d576f8fa0aff8e622df317b489d23_JaffaCakes118

General

Target

851d576f8fa0aff8e622df317b489d23_JaffaCakes118
Size

261KB
MD5

851d576f8fa0aff8e622df317b489d23
SHA1

e8f98dcd6246e6a7a0eae84f75cf1086f54b6b77
SHA256

af98f7e195378e11a6994b7e7df4f4c38bfba231eae63bce34dbdfe7ec363ec1
SHA512

1c17f3f83a0d03489380e6acd6410b6dca5d9e87bce9a5269418ef40421de3c3b3467da5e5ef4e6b2e593b06293438b041de439422152d5fe6b03125eac64e3c
SSDEEP

6144:oI7MONAsBaBkFcSa7OhAijACOvDzMz9PH/ePV8ISN4yWl+Py:t7MXyaKaqAtvD+PH/eLSN2/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
851d576f8fa0aff8e622df317b489d23_JaffaCakes118

Files

851d576f8fa0aff8e622df317b489d23_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f145352d30f60b18b7c1c7c5b63e08b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
CreateThread
MoveFileW
CreateProcessW
lstrcpyW
LoadResource
SetThreadPriority
ResumeThread
WaitForMultipleObjects
WritePrivateProfileStringW
InterlockedIncrement
SuspendThread
SetEndOfFile
GlobalUnlock
GetPrivateProfileStringW
ExitProcess
FreeLibrary
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapSize
IsBadReadPtr
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
SetCurrentDirectoryW
GlobalFree
GetModuleHandleW
GetModuleFileNameW
LockResource
WideCharToMultiByte
GetFileAttributesExW
GetLogicalDrives
GetCurrentProcess
CancelWaitableTimer

user32

DestroyMenu
GetSystemMetrics
GetCursorPos
CreatePopupMenu
LoadStringW
GetWindowTextW
LoadIconW
SendDlgItemMessageW
InvalidateRect
LoadBitmapW
RegisterClassExW
GetMessageW
GetWindowRect
LoadImageW
TranslateMessage
PostThreadMessageW
SetWindowPos
SystemParametersInfoW
OffsetRect

gdi32

CreateCompatibleBitmap
SetBkColor
CreateCompatibleDC
CreateDCW
GetDeviceCaps

advapi32

LookupPrivilegeValueW
SetSecurityDescriptorDacl
RegCloseKey

oleaut32

SysFreeString
OleLoadPicture

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f145352d30f60b18b7c1c7c5b63e08b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 18KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 18KB