8961696f0bd8d2a5faf9a36cc96edb10_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8961696f0bd8d2a5faf9a36cc96edb10_JaffaCakes118
Size

1009KB
MD5

8961696f0bd8d2a5faf9a36cc96edb10
SHA1

07b1f76f34fc87e17f06070716e09ecf8b373204
SHA256

f1bb95d30fac1307a2b33eb5289318c18d0629f1bba7acb8e6702c7d4e741ada
SHA512

e187db65d94a26cb9e246fe90bb7aac9ff91dfe74947c76f6525f60a68f904c741a4e8907d5d35fd4e6053c76255a27c6037c81d02ddcf304c8d5ae1a345c699
SSDEEP

24576:Dynk7lHhI+MoBW/HjrmVZFdB3D5Tn8XioUNpDDWRC4vv7VTMDWxB:Dynk7lHhI+zQ/PsRBz98XioUNpDMfvvv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8961696f0bd8d2a5faf9a36cc96edb10_JaffaCakes118

Files

8961696f0bd8d2a5faf9a36cc96edb10_JaffaCakes118
.exe windows:4 windows x86 arch:x86

40300de15492e6c6eb4404a126ae257d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExW
GetCommandLineW
VirtualFree
FindResourceW
lstrcmpA
QueryPerformanceCounter
SetHandleCount
GetTimeZoneInformation
DeleteCriticalSection
FindResourceExW
GetCPInfo
SetLastError
GetTickCount
LoadLibraryExW
IsDBCSLeadByte
GetOEMCP
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
SetUnhandledExceptionFilter
FindFirstFileW
LocalFree
SizeofResource
ExpandEnvironmentStringsA
GetFileAttributesA
HeapFree
GetModuleFileNameA
HeapAlloc
RemoveDirectoryW
TlsFree
LCMapStringW
LeaveCriticalSection
lstrlenA
GetSystemTimeAsFileTime
LocalAlloc
CreateFileA
GetStringTypeA
SetEvent
TlsGetValue
GetEnvironmentStrings
ReleaseMutex
ResumeThread
WriteFile
LCMapStringA
FormatMessageW
TlsAlloc
FreeEnvironmentStringsA
CompareStringA
HeapSize
WaitForMultipleObjects
CloseHandle
InterlockedIncrement
TerminateProcess
IsBadReadPtr
ReadFile
GetFileSize
InterlockedDecrement
GetModuleHandleA
GetFileType
HeapReAlloc
LoadLibraryA
CreateFileW
RtlUnwind
UnhandledExceptionFilter
Sleep
VirtualProtect
FreeLibrary
GetACP
lstrlenW
GetProcAddress
DisableThreadLibraryCalls
GetCommandLineA
IsValidCodePage
CreateEventW
GetProcessHeap
SetFilePointer
lstrcpynA
IsValidLocale
GetCurrentProcess
InitializeCriticalSection

gdi32

SetWindowOrgEx
DeleteObject
Escape
SelectClipRgn
RestoreDC
SelectObject
PatBlt
ExtTextOutW

msvcrt

_amsg_exit
wcstol
realloc
wcsncmp
_XcptFilter
time
_CxxThrowException
_controlfp
??0exception@@QAE@XZ
_wcsicmp
fprintf
wcsstr
__p__fmode
_purecall
_vsnprintf

user32

SendMessageA
EnumChildWindows
CallWindowProcW
EndDialog
AdjustWindowRectEx
GetMenuState
SetFocus
GetCursorPos
SetWindowsHookExW
GetSystemMenu
SetForegroundWindow
GetClientRect
GetSystemMetrics
GetMenuItemCount
EndPaint
ShowWindow
IsWindowVisible
SetDlgItemTextA
UpdateWindow
DestroyWindow
CallWindowProcA
GetWindowLongA
EnableMenuItem
MoveWindow
GetMessageA
EnableWindow
GetAsyncKeyState
SendMessageW
SetWindowPos
PeekMessageA

Sections

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40300de15492e6c6eb4404a126ae257d

Headers

File Characteristics

Imports

kernel32

gdi32

msvcrt

user32

Sections

.text Size: 547KB - Virtual size: 546KB

.rdata Size: 3KB - Virtual size: 18KB

.data Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 512B - Virtual size: 80B

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 547KB - Virtual size: 546KB

.rdata
Size: 3KB - Virtual size: 18KB

.data
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 512B - Virtual size: 80B

.rsrc
Size: 3KB - Virtual size: 2KB