9638863ecb086859ed3809807c6a1a3b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9638863ecb086859ed3809807c6a1a3b_JaffaCakes118
Size

284KB
MD5

9638863ecb086859ed3809807c6a1a3b
SHA1

3e18b8043498cbc9f1d2f260da389fa5b4ba8673
SHA256

4dd3d3dcbd1e3fbfb1d0bceb4bb7e07c8abc8271a2ade51632a605fd65feb971
SHA512

c227768951deaef040b0d4b61c71100baa985c128706eace1a7ae3709c8d8db131d85c46213d4b70382cf6fa6a0319e769312746842401a2f0747bbb9bb2155b
SSDEEP

3072:OS9le/9wGeUkYH8JDLnmotiJn26i4l8LYtbHh:OUeLLkYclnmGiJnV52L+bHh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9638863ecb086859ed3809807c6a1a3b_JaffaCakes118

Files

9638863ecb086859ed3809807c6a1a3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6120ebe8475964aa425a437065114244

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Ant\My Documents\Visual Studio Projects\OneShot\Release\OneShot.pdb

Imports

msimg32

TransparentBlt

kernel32

IsBadReadPtr
SetFilePointer
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
IsBadCodePtr
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
GetLocaleInfoA
VirtualProtect
CreateMutexA
GetLastError
GetModuleHandleA
FlushFileBuffers
CreateFileA
CloseHandle
Sleep
GetVolumeInformationA
DeviceIoControl
GetSystemInfo
SetHandleCount
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
SetUnhandledExceptionFilter

user32

LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadCursorA
RegisterClassExA
UnhookWindowsHookEx
PostQuitMessage
SetWindowLongA
SetLayeredWindowAttributes
ShowWindow
SetWindowPos
SetWindowsHookExA
GetTopWindow
DefWindowProcA
LoadStringA
LoadBitmapA
GetSystemMetrics
CreateWindowExA
FindWindowA
GetForegroundWindow
IsClipboardFormatAvailable
GetDC
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
ReleaseDC
FillRect
GetKeyState
PostMessageA
CallNextHookEx
GetCursorPos

gdi32

SetTextColor
SetBkColor
TextOutA
MoveToEx
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
DeleteDC
GetObjectA
GetDIBits
GetDeviceCaps
CreatePen
CreateSolidBrush
SelectObject
Ellipse
PolylineTo

advapi32

RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegFlushKey
RegCreateKeyExA
RegCloseKey

Exports

Exports

?ClickProc@@YGJHIJ@Z
?HotKeyProc@@YGJHIJ@Z

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6120ebe8475964aa425a437065114244

Headers

File Characteristics

PDB Paths

Imports

msimg32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 208KB - Virtual size: 204KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 208KB - Virtual size: 204KB