Static task: static1
Behavioral task: behavioral1
Sample: a238420560c76f9499c315625c9cd6e9_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a238420560c76f9499c315625c9cd6e9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a238420560c76f9499c315625c9cd6e9_JaffaCakes118
Size: 575KB
MD5: a238420560c76f9499c315625c9cd6e9
SHA1: 636df8c53975505219df11cb5991c0b1a8eb4002
SHA256: 2f9d038b73313e3b4bb580edb8257214fcf1e774debfc6d18cbad50ac334d635
SHA512: 5a7cae7348d0399e6e0685bda5674dbe082be734d152d3a34e387a1382e3d5ef96e4bd05361ed4ead3982067e288d09910fe5d5fe3c6ec805fa2fc57afe5e208
SSDEEP: 12288:tXn0Oq5AVtSFOVF3WLB61JEEuU0fDMqiVPQfqnRtV6j5WMTz:tX0h569GLc1JEE6fDMqiVPmWSxz
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a238420560c76f9499c315625c9cd6e9_JaffaCakes118
Files
a238420560c76f9499c315625c9cd6e9_JaffaCakes118.exe windows:4 windows x86 arch:x86
e1d925a4ad5bc696d7452d7989b6e88c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessHeap
PeekNamedPipe
SetConsoleActiveScreenBuffer
lstrcmpiA
GetOEMCP
ReadFile
GlobalFree
SetNamedPipeHandleState
LeaveCriticalSection
GlobalAddAtomW
PulseEvent
QueryDosDeviceW
FreeEnvironmentStringsA
GetConsoleMode
GetFileInformationByHandle
DeleteCriticalSection
GetDiskFreeSpaceExA
SetEndOfFile
SetEnvironmentVariableW
EnumCalendarInfoA
GetSystemTime
ConnectNamedPipe
GlobalDeleteAtom
SetFileAttributesA
GetFullPathNameA
SetHandleCount
lstrcpynA
ExpandEnvironmentStringsW
EnumSystemCodePagesW
IsBadStringPtrA
VirtualAllocEx
Beep
SetProcessShutdownParameters
GetConsoleCursorInfo
GetDateFormatA
WriteConsoleOutputW
WaitNamedPipeA
ExitProcess
advapi32
GetTokenInformation
DeleteService
GetServiceDisplayNameW
ReportEventW
CryptGetHashParam
GetAce
EnumServicesStatusW
CreateServiceW
SetFileSecurityA
RegSetValueA
GetFileSecurityW
RegEnumKeyW
SetPrivateObjectSecurity
InitializeSecurityDescriptor
version
GetFileVersionInfoSizeA
user32
SetSysColors
LoadStringA
IsMenu
GetPropW
MsgWaitForMultipleObjects
CheckMenuRadioItem
IsCharAlphaA
CallNextHookEx
RemovePropW
GetTopWindow
CopyAcceleratorTableW
GetMenuItemCount
TabbedTextOutW
PostThreadMessageA
SetLastErrorEx
WaitForInputIdle
CreateAcceleratorTableA
IsWindowUnicode
RemovePropA
SetPropW
SetMessageQueue
FillRect
RegisterClassW
CreatePopupMenu
GetProcessDefaultLayout
ChangeDisplaySettingsA
comctl32
_TrackMouseEvent
ImageList_GetIconSize
Sections
.text Size: 4KB - Virtual size: 221KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 293KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ