9542974311874b0b48d5e3f77d3b1851_JaffaCakes118

General

Target

9542974311874b0b48d5e3f77d3b1851_JaffaCakes118
Size

858KB
MD5

9542974311874b0b48d5e3f77d3b1851
SHA1

e7538efd4909468f1b8a5594dfcd52e67cb7b775
SHA256

0bcab6cc653e07e37d6bd4578e1b5d82d091760e2e442f125e99d18275a0b2e1
SHA512

2271dbdf944c2a46e26d2ec4eee0b1316f8c70b579f98c4625e39dfc396b81a0dc1711b78c8b41697a402cf09759a81e200832649725f91d8121fcd14a80531a
SSDEEP

24576:8/dN0SbjgAUsVDmToxasp/Xm64mulvQttf3Z:GdN0Sb0bmpAsDbttfZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9542974311874b0b48d5e3f77d3b1851_JaffaCakes118

Files

9542974311874b0b48d5e3f77d3b1851_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7d1dbd0eb4f45720046049ed9656f9a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GlobalSize
OpenEventW
GetEnvironmentVariableW
lstrcmpiW
SetStdHandle
lstrcpyW
GetConsoleOutputCP
GlobalDeleteAtom
DeviceIoControl
SetThreadPriority
ExitThread
FormatMessageA
InterlockedDecrement
GetLocaleInfoW
lstrlenA
LocalAlloc
SetFileAttributesA
ExitProcess
VirtualAlloc
GetEnvironmentStringsA
OutputDebugStringW
GetStartupInfoA
SetLastError
EnterCriticalSection
IsDBCSLeadByte
CreateSemaphoreW
WaitForSingleObject
DeleteCriticalSection
GetStartupInfoW
GetCurrentThread
GetWindowsDirectoryW
LeaveCriticalSection
CopyFileW
CompareStringW
GetShortPathNameA
GetTempPathW
LoadLibraryA

user32

CallNextHookEx
SetScrollPos
LoadBitmapA
SetActiveWindow
GetPropW
GetIconInfo
OpenClipboard
TranslateMessage
EnumWindows
GetAsyncKeyState
PostThreadMessageW
DispatchMessageA
GetDlgItem
EqualRect
IsWindow
IsChild
SetDlgItemTextW
ReleaseDC
DefWindowProcW
SystemParametersInfoW
wsprintfA
SetForegroundWindow
RegisterWindowMessageW

advapi32

RegDeleteKeyW
AddAccessAllowedAce
AdjustTokenPrivileges
CryptReleaseContext
RegDeleteValueA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 691KB - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d1dbd0eb4f45720046049ed9656f9a5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 691KB - Virtual size: 691KB

.data Size: 2KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 691KB - Virtual size: 691KB

.data
Size: 2KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB