a080f1c13419c760f0ff92edb2ea9e49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a080f1c13419c760f0ff92edb2ea9e49_JaffaCakes118
Size

64KB
MD5

a080f1c13419c760f0ff92edb2ea9e49
SHA1

5ad7dfd48176e9e3051651f48446c92cfbaccc1e
SHA256

2d4a85a5f650d100c2ea3ff7094e97b2b381b5bd3631fd0b1900d4861130fa07
SHA512

9178eeef0519cb6f8c848f8cd29395ec8506f8609f9c10a0d834c6ef0f0da8c6c4e909df16dfa73583851f4f5cb06f86851984eede0dcd011da79b87575c2e19
SSDEEP

768:zfuyL1PuiYDQ5M6hwEUAZrlnnb5H5CD+tvQJKaWn1M3SLyYNGFhiHmODJlK+q:zfZL1PjiQZeEJkD+JQEaWnESLJGWXtlM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a080f1c13419c760f0ff92edb2ea9e49_JaffaCakes118

Files

a080f1c13419c760f0ff92edb2ea9e49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

633abc59dac7510aedf85c5b4a4ec442

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
GetLastError
ReadFile
lstrcpynA
lstrcmpA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
CreateFileA
GetCurrentThreadId
DeleteFileA
GetTempFileNameA
lstrcatA
lstrcpyA
InterlockedIncrement
InterlockedDecrement
lstrlenA
LockResource
LoadResource
FindResourceA
CreateEventA
OpenEventA
InitializeCriticalSection
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadLibraryExA
lstrcmpiA
IsDBCSLeadByte
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
lstrlenW
InterlockedExchange
GetOEMCP
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
RtlUnwind
HeapReAlloc
GetProcAddress
TerminateProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

DispatchMessageA
GetMessageA
PeekMessageA
SetWindowLongA
UnregisterClassA
TranslateMessage
RegisterWindowMessageA
CharNextA
DefWindowProcA
CreateDialogParamA
KillTimer
SetTimer
DestroyWindow
wsprintfA

advapi32

RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA

shell32

ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsA

rasapi32

RasEnumConnectionsA
RasHangUpA
RasGetConnectStatusA
RasSetEntryPropertiesA
RasGetEntryDialParamsA
RasSetEntryDialParamsA
RasDialA
RasGetEntryPropertiesA
RasEnumDevicesA

urlmon

URLDownloadToFileA

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

633abc59dac7510aedf85c5b4a4ec442

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rasapi32

urlmon

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1024B

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1024B