85e054bc0e5b8fc2b908e4879d1dfa96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85e054bc0e5b8fc2b908e4879d1dfa96_JaffaCakes118
Size

194KB
MD5

85e054bc0e5b8fc2b908e4879d1dfa96
SHA1

7b65eb18d1bb2198b6ecc6b64a889aae083aa587
SHA256

65353931c0a3396cb0833e9d6d1696f08ab60a14f340e1806f74ad5fc5bd76b9
SHA512

d458ad51b5ed1cecc4b72f0476eb36b05048793280cb5b4bfe1c704f47960db3814967ca482fa050bceaba38e60f09c74d18f0263e76bb5a83b32235f4c790e0
SSDEEP

3072:HsjOs6E0yqowNS8gO6TuBsDLGgVP9bqNJ0KNNlaVJCPhDZk6b/:G0loonHMFGSlqNJ0KNKVOhu4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85e054bc0e5b8fc2b908e4879d1dfa96_JaffaCakes118

Files

85e054bc0e5b8fc2b908e4879d1dfa96_JaffaCakes118
.exe windows:5 windows x86 arch:x86

aab57a8b2bd81dc6e4f40b26a2b88fb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

RegisterClassExA
UpdateWindow
GetActiveWindow
EnumThreadWindows
GetDesktopWindow
SetCursor
GetWindowLongA
SendMessageTimeoutA
GetWindowRect
SetWindowTextA
IsWindowVisible
LoadCursorA
AdjustWindowRectEx
BringWindowToTop
SendMessageA
EnumWindows
GetClientRect
CreateWindowExA
ShowWindow

kernel32

GetStdHandle
GetEnvironmentStrings
GetCurrentProcess
QueryPerformanceCounter
SetEndOfFile
FreeEnvironmentStringsA
SetFilePointer
GetProcAddress
TlsSetValue
GetSystemTimeAsFileTime
GetPrivateProfileIntW
SetStdHandle
FlushFileBuffers
GetCurrentProcessId
GetFileAttributesW
IsValidCodePage
lstrlenW
GetConsoleOutputCP
WaitForSingleObject
GetOEMCP
GetCurrentThreadId
GlobalUnlock
ExitProcess
GlobalLock
CreateFileW
CloseHandle
HeapFree
HeapAlloc
VirtualAlloc
GetModuleFileNameA
GetAtomNameW
HeapSize
HeapReAlloc
CreateFileA
GlobalAlloc
GetLastError
WriteFile
WriteConsoleA
WriteConsoleW
GlobalDeleteAtom
TlsGetValue
IsDebuggerPresent
WritePrivateProfileStringW
GetStringTypeA
GetTickCount
GetFullPathNameW
LCMapStringA
Sleep
DeleteAtom
GetConsoleMode
GetEnvironmentStringsW
GetUserDefaultUILanguage
FreeLibrary
GetStartupInfoA
GetModuleHandleW
GetCommandLineA
VirtualFree
lstrcmpW
SetLastError
FormatMessageW
SetHandleCount
GetModuleFileNameW
GetPrivateProfileStructW
GetPrivateProfileStringW
GetFileType
GetCPInfo
SetDllDirectoryA
WideCharToMultiByte
RaiseException
GetLocaleInfoA
FreeEnvironmentStringsW
FindClose
FindFirstFileW
GetACP
MultiByteToWideChar
TlsAlloc
LCMapStringW
RtlUnwind
GetVersionExW
VirtualQuery
GetConsoleCP
HeapCreate
Sleep
GetStringTypeW
MoveFileA
LocalFree
IsSystemResumeAutomatic
FindNextFileW
TlsFree
GlobalGetAtomNameW

msvcrt

_stricmp
sprintf
strrchr
strncpy
strchr
_strlwr
strstr
_strnicmp
_vsnprintf
_snprintf

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

advapi32

CryptAcquireContextA
InitializeAcl
GetTokenInformation
InitiateSystemShutdownA
AddAccessAllowedAce
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
InitializeSecurityDescriptor
OpenProcessToken
SetSecurityDescriptorDacl
GetLengthSid

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdkx
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 174KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aab57a8b2bd81dc6e4f40b26a2b88fb5

Headers

File Characteristics

Imports

user32

kernel32

msvcrt

shell32

advapi32

Sections

.text Size: 6KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 13KB

.pdkx Size: 4KB - Virtual size: 3KB

.edata Size: 174KB - Virtual size: 183KB

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 13KB

.pdkx
Size: 4KB - Virtual size: 3KB

.edata
Size: 174KB - Virtual size: 183KB