94be65402c3389e47a546c5497fa696d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

94be65402c3389e47a546c5497fa696d_JaffaCakes118
Size

77KB
MD5

94be65402c3389e47a546c5497fa696d
SHA1

ff2addac6f39236b361b3e8f8739abf57dfed6e0
SHA256

46b2b41b0ae5abe0d4a2e33dae15421e61956d196d9c709609fe5800a0bcf519
SHA512

4d282785e4d015259c8bccd950a03c054b5b24cbd6f280a7407d6ca6f2e4b7d617b37d3358c1806b5f7818ceeb711beb8554e6af6deed4b664c06db06f59921c
SSDEEP

1536:6+oIah+MO74ujwh6T8OvPkxw4yB7r/o+ZeiXAnxyH05LP:5bgJujVTvPkx5yB7Lo1YAn8HQP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94be65402c3389e47a546c5497fa696d_JaffaCakes118

Files

94be65402c3389e47a546c5497fa696d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8d9dc8de7ebc73637df4d7b566ed439

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
FreeLibrary
VirtualProtect
VirtualProtect
VirtualProtect
SetEvent
FreeLibrary
SetLastError
UnhandledExceptionFilter
SetLastError
HeapReAlloc
GetCurrentProcessId
GetStartupInfoW
HeapDestroy
GetModuleHandleA
GetCommandLineW
lstrcpyW
InitializeCriticalSection
WriteFile
GetProcAddress
GetCurrentThreadId
VirtualAlloc
GetCurrentThreadId
DeleteCriticalSection

advapi32

RegOpenKeyA
InitializeSecurityDescriptor
InitializeSecurityDescriptor
RegQueryInfoKeyW
CheckTokenMembership
RegOpenKeyExA
ControlService
RegQueryInfoKeyW
RegCloseKey
RegFlushKey
RegEnumKeyW
OpenThreadToken
DeleteService
RegCloseKey
StartServiceCtrlDispatcherW
RegisterEventSourceW
RegDeleteValueA
RegFlushKey
GetUserNameW
RegOpenKeyA
OpenThreadToken
RegOpenKeyExA
GetUserNameW
RegisterServiceCtrlHandlerW
RegEnumKeyExW
SetSecurityDescriptorGroup
RegCreateKeyW

user32

GetLastActivePopup
DrawIconEx
EndDialog
BringWindowToTop
DrawFocusRect
GetUserObjectInformationW
SetWindowPos
CharNextA
DispatchMessageW
IsIconic
EndDialog
BeginDeferWindowPos
ShowWindow
TranslateAcceleratorW
MessageBoxW
SystemParametersInfoW
GetThreadDesktop
RegisterWindowMessageW
GetClassNameW
RegisterClipboardFormatW

gdi32

SetBkMode
CreateBitmap
PatBlt
ExtTextOutW
StretchBlt
MoveToEx
GetTextMetricsW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleBitmap
SetTextColor
CreateCompatibleBitmap
SetBkColor
GetObjectA
PatBlt
SetTextColor
LineTo
GetObjectA
Rectangle
GetStockObject
SelectPalette
SetBkColor
TextOutW
TranslateCharsetInfo
SetTextColor
SelectObject
SetStretchBltMode

shell32

SHGetSpecialFolderPathW
ExtractIconW
DragQueryFileW
SHGetDesktopFolder
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathW
CommandLineToArgvW
DragQueryFileW
ShellAboutW
SHGetMalloc
SHChangeNotify
ShellAboutW
ExtractIconExW
SHGetMalloc
SHChangeNotify
SHGetFileInfoW
ExtractIconW
ShellExecuteW
SHGetFolderPathW
DragFinish
DragFinish
SHGetFolderPathW
ExtractIconExW
SHChangeNotify
ShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListW

Sections

.text
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8d9dc8de7ebc73637df4d7b566ed439

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

shell32

Sections

.text Size: 7KB - Virtual size: 8KB

.data Size: 65KB - Virtual size: 92KB

.rdata Size: 3KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 8KB

.data
Size: 65KB - Virtual size: 92KB

.rdata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB