8a5df010b2a8e69d1388870252d9f621_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a5df010b2a8e69d1388870252d9f621_JaffaCakes118
Size

75KB
MD5

8a5df010b2a8e69d1388870252d9f621
SHA1

17f654f93ea1497cc9e98363c6d63a2b61407158
SHA256

5eb879284e27d5a53cd68aaa2d9f49e1898c4d3e6d24e139d55772bc10c0109d
SHA512

ebbd8e18a132b9aa3132d15142361e61e82b95fef26ebe4c6c38480e97ee22aa94d7142302a1fd9b741f72a1e430a51d54b100e55b35f309116d0a59a1c8677c
SSDEEP

1536:+uKOo5Ma3KCNSjijie1BEoCYV2FxAsweOfNiwWx84:+uKOoF6CNSE+oCFYB3Fiwv4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a5df010b2a8e69d1388870252d9f621_JaffaCakes118

Files

8a5df010b2a8e69d1388870252d9f621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d55383f2f3bb49990283ca987bae8e4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextW
SetWindowPos
RegisterWindowMessageW
IsZoomed
SetClassLongW
GetWindowThreadProcessId
GetDlgItem
IsIconic
FindWindowExW
DestroyIcon
GetClassNameW
GetMenuItemCount

ulib

?ChangeScreenSize@SCREEN@@QAEEGGPAE@Z
?SetFileName@FSN_FILTER@@QAEEPBD@Z
??1BYTE_STREAM@@UAE@XZ
?SetOemConversions@WSTRING@@SGXXZ
?Replace@WSTRING@@QAEEKKPBV1@KK@Z
?DisplayMsg@MESSAGE@@QAEEK@Z
?SetXon@COMM_DEVICE@@QAEEE@Z
?Initialize@PATH@@QAEEPBV1@E@Z
?Initialize@MEM_BLOCK_MGR@@QAEEKK@Z
??0MEM_BLOCK_MGR@@QAE@XZ
?Cast@SCREEN@@SGPAV1@PBVOBJECT@@@Z
??0OBJECT@@QAE@ABV0@@Z
??4BDSTRING@@QAEAAV0@ABV0@@Z
??0REST_OF_LINE_ARGUMENT@@QAE@XZ

kernel32

IsProcessorFeaturePresent
SetupComm
GetTickCount
SleepEx
QueryPerformanceFrequency
TerminateThread
GetCommState
InterlockedDecrement
InterlockedExchangeAdd
UnlockFile
VirtualBufferExceptionHandler

advapi32

AllocateAndInitializeSid
RegDeleteValueW
QueryServiceStatus
RegCloseKey
SetTokenInformation
RegSetValueExW
RegDeleteKeyW
LookupPrivilegeValueW
GetTokenInformation
CreateProcessAsUserW
RegOpenKeyW

msvcrt

_initterm
strtol
_exit
wcscmp
fopen
_strlwr
_wfopen
wcscat
fgets
_snwprintf
wcsncmp

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d55383f2f3bb49990283ca987bae8e4f

Headers

File Characteristics

Imports

user32

ulib

kernel32

advapi32

msvcrt

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.bss Size: - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1008B

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.bss
Size: - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1008B