8b5ac50d077bd398296177ed67f8d3f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b5ac50d077bd398296177ed67f8d3f9_JaffaCakes118
Size

263KB
MD5

8b5ac50d077bd398296177ed67f8d3f9
SHA1

c27a49cc33a6c3ddf02b5ba2858d752b7fb37424
SHA256

20d7e7cc05465da62df6cb323a066eb2743743b6e6911d911d8c7c4e3980c7f3
SHA512

bd1b9f7b941ee0384764fdbdad1d950bc6dfbf580317ba3b68f4eb32404a2a88966af7ee947c5dfb65a7cd3147c92c0cdda5ca403bf290413589e46e42b9600f
SSDEEP

6144:VE16YZ3BXy6avF730O6NQOYi3++8KmWFbrO335VqE:VE16YZRxavFr66KFbw35g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b5ac50d077bd398296177ed67f8d3f9_JaffaCakes118

Files

8b5ac50d077bd398296177ed67f8d3f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

078b24c81c335433ca533ddcaf637e66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtProtectVirtualMemory
ZwOpenMutant
NtQueryInformationProcess
NtSetSystemInformation
NtResumeThread
NtTraceEvent
RtlAddAce
NtReadFile
ZwSetEvent
RtlFillMemory
NtQueryValueKey
NtWriteFile

gdi32

GetEnhMetaFileA
GdiFlush
GetBkColor
Escape
GetClipBox
ExtCreatePen
BitBlt
IntersectClipRect
SaveDC
CreateFontIndirectA
GetTextCharsetInfo
StartPage
SetViewportOrgEx
OffsetViewportOrgEx
EndPage
GetTextAlign
GetObjectA
SetBkMode
SetMetaFileBitsEx
DeleteMetaFile
ExtEscape
DeleteObject
GetDCOrgEx
SetROP2

itssinst

_FSnan
_FRteps
_FInf
_Poly
_LExp
_Inf
_Getctype
_LSinh

user32

GetMessageTime
RedrawWindow
RegisterClassExW
GetClassInfoExA
GetParent
GetWindowTextA
RegisterClassExA
IsChild
SetWindowTextW
CreateDialogIndirectParamA
ShowWindow
WindowFromPoint
DefFrameProcA
TranslateMDISysAccel
RegisterClassA
CallWindowProcW
DrawEdge
PtInRect
WaitMessage
DestroyWindow
SetClipboardViewer
SetCapture
MessageBeep
KillTimer
IsDialogMessageA
SetWindowPos
GetMenuItemCount
ReleaseCapture
FrameRect
wsprintfA
SetWindowLongW
SetCursor
GetKeyState
CreateCaret

kernel32

FreeEnvironmentStringsA
ExitProcess
InterlockedDecrement
GetFileType
GlobalReAlloc
LoadLibraryA
GetEnvironmentStringsW
ResumeThread
GetProfileStringW
GetStringTypeW
GetSystemDefaultLangID
GetDriveTypeA
GlobalGetAtomNameA
Sleep
GlobalMemoryStatus
FileTimeToSystemTime
GetACP
GetLastError
IsBadCodePtr
lstrcmpiA
FindResourceA
GlobalAlloc
SystemTimeToFileTime
SetPriorityClass
CreateEventA
GetProcAddress
HeapSize
VirtualFree
GetLocaleInfoW

ole32

CreateDataAdviseHolder
CoGetMalloc
OleSetClipboard
OleIsCurrentClipboard
CLSIDFromString
OleIsRunning
GetHGlobalFromILockBytes
OleRegEnumFormatEtc
OleCreateLinkToFile
CLSIDFromProgID
CoFreeUnusedLibraries
GetClassFile
GetRunningObjectTable
MkParseDisplayName
SetConvertStg
OleCreateFromFile
ReadFmtUserTypeStg
WriteFmtUserTypeStg
OleGetIconOfFile
CoIsOle1Class

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

078b24c81c335433ca533ddcaf637e66

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

gdi32

itssinst

user32

kernel32

ole32

Sections

.text Size: 160KB - Virtual size: 160KB

.data Size: 47KB - Virtual size: 47KB

.rsrc Size: 54KB - Virtual size: 56KB

.text
Size: 160KB - Virtual size: 160KB

.data
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 54KB - Virtual size: 56KB