a0b28203820b190febe6d270112a7f6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a0b28203820b190febe6d270112a7f6a_JaffaCakes118
Size

145KB
MD5

a0b28203820b190febe6d270112a7f6a
SHA1

8abe2c0af592ce9cfe4fdcb324fdd70931307815
SHA256

b9942f9f5bf01afe832f25e45f9d31d58797179d524c6a11139b260914a300ac
SHA512

de7c3d60c40d797629b44d2a427da2e243723d87e2755310a9a40deb8291267642ac336bbb80e6acf450b2c286f1dc56a7d82c37a9d2169ae140ee638d98691a
SSDEEP

3072:6jwLqtmvyCoMhdFI7PYnPq4DZk10OlFukSYRlCML7GsB:9vy67FIMP5DwrXzVKsB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0b28203820b190febe6d270112a7f6a_JaffaCakes118

Files

a0b28203820b190febe6d270112a7f6a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6195fd535575295310f0a94f5614aaa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf

shlwapi

StrRChrIW
StrDupA
StrToIntExA
StrCSpnIA
StrToIntW
PathAppendA
StrChrW

shell32

SHPathPrepareForWriteA

kernel32

CreateNamedPipeW
WideCharToMultiByte
CreateEventA
MulDiv
EnumResourceLanguagesA
WaitForSingleObject
GetProcessHeaps
OpenThread
OpenEventA
GetCommMask
GetModuleHandleA
OpenFileMappingW
GetFileTime
GetFileInformationByHandle
lstrcpyW
ExpandEnvironmentStringsW
SetHandleInformation
WaitNamedPipeA
LocalFree
LoadLibraryA
CreateDirectoryExW
GetSystemWindowsDirectoryW
MapViewOfFile
TlsFree
ConnectNamedPipe
CompareFileTime
FileTimeToDosDateTime
GetTapeStatus

user32

DrawTextW
GetUpdateRgn
GetWindow
DlgDirSelectComboBoxExA
DialogBoxParamA
ValidateRgn
DefMDIChildProcW
LoadStringW
GetDesktopWindow
CharLowerBuffA
ReleaseDC
GetDCEx
BringWindowToTop
ShowCursor
BeginPaint
GetWindowTextLengthA
CharNextExA
GetLastActivePopup
GetKeyNameTextA
PrivateExtractIconsW
GetPropA
RealGetWindowClassA
LoadMenuA
GetUpdateRect
TranslateMessage
SetWindowContextHelpId
GetWindowTextA
CreateAcceleratorTableA
GetWindowTextW
PeekMessageA
RedrawWindow
EnumPropsExW
PostMessageA
DispatchMessageA
GetComboBoxInfo
SetWindowTextA
GetScrollPos
RegisterHotKey
GetParent
GetDC
GetMenuItemRect
GetAltTabInfoA

gdi32

SetBoundsRect
CombineTransform
OffsetRgn
AngleArc
CreateDIBSection
SetTextColor
GetTextAlign
CreateBitmapIndirect
OffsetWindowOrgEx
GetBitmapDimensionEx
GetFontLanguageInfo
GetBkMode
SetGraphicsMode
GetBitmapBits
GetTextColor
LineTo
GetClipBox

advapi32

GetLengthSid
FreeSid
EqualSid
GetSidSubAuthority
GetSidLengthRequired

Exports

Exports

__ReadFile@12
__WriteFile@12

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.icode
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mtemp
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.etable
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6195fd535575295310f0a94f5614aaa3

Headers

File Characteristics

Imports

ntdll

shlwapi

shell32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.icode Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 260B

.mtemp Size: 512B - Virtual size: 128B

.etable Size: 1024B - Virtual size: 540B

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 1024B - Virtual size: 850B

.text
Size: 2KB - Virtual size: 1KB

.icode
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 260B

.mtemp
Size: 512B - Virtual size: 128B

.etable
Size: 1024B - Virtual size: 540B

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 1024B - Virtual size: 850B