Static task
static1
Behavioral task
behavioral1
Sample
a25a30487a66aabe99c9c730a09b35cc_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a25a30487a66aabe99c9c730a09b35cc_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: a25a30487a66aabe99c9c730a09b35cc_JaffaCakes118
Size: 172KB
MD5: a25a30487a66aabe99c9c730a09b35cc
SHA1: 535c23af6ab7c70107dddc831fa0a66e10317e2f
SHA256: 1e074b769f07d054b89c4fa62d55a86787cf6eea2d38961695be2f81bb629b8a
SHA512: 11babb7f11786330e1fe5a5779bb1b296e6af3c70e6ba2d5eb1299d6688ef215272fa8a856ab9a2bd8ddce6b1c7b61bd2573380245d0fe64c2892b88521af88d
SSDEEP: 3072:mXBKVDPKhX1cQvji68mFi+qtoED0j/JudDtPFTEcZmFW:mXBQPZQbixmFXrzJudD9JWY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a25a30487a66aabe99c9c730a09b35cc_JaffaCakes118
Files
a25a30487a66aabe99c9c730a09b35cc_JaffaCakes118.exe windows:4 windows x86 arch:x86
a04ce80bd71e7f9ed4e4e2cd5124c089
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryInfoKeyA
shlwapi
PathFindExtensionA
user32
GetDialogBaseUnits
EnableWindow
GetDC
GetDlgItemTextA
ReleaseDC
GetDlgItem
WinHelpA
IsDialogMessageA
IsDlgButtonChecked
DestroyWindow
CheckDlgButton
CreateDialogParamA
MoveWindow
UnregisterClassA
ShowWindow
SetDlgItemTextA
IsWindow
SendMessageA
SetWindowLongA
CharNextA
msimg32
AlphaBlend
TransparentBlt
ole32
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
kernel32
GetCommandLineA
lstrcatA
LCMapStringW
FlushFileBuffers
LoadLibraryA
GetCPInfo
GetModuleFileNameA
GetStringTypeW
GetOEMCP
RaiseException
InterlockedExchange
SetHandleInformation
TlsFree
GetProcessHeap
GetProcAddress
DeleteCriticalSection
HeapDestroy
VirtualProtect
UnhandledExceptionFilter
WideCharToMultiByte
TerminateProcess
TlsGetValue
GetTickCount
LockResource
SetLastError
GetLastError
InterlockedIncrement
GetSystemTimeAsFileTime
EnterCriticalSection
FindResourceA
GetEnvironmentStringsW
FreeLibrary
TransmitCommChar
IsBadCodePtr
GetSystemInfo
VirtualFree
GetCurrentThreadId
GetEnvironmentStrings
GetCurrentProcessId
ExitProcess
TlsAlloc
EnumResourceNamesW
VirtualQuery
HeapSize
SetUnhandledExceptionFilter
SetFilePointer
IsBadReadPtr
GetStartupInfoA
HeapReAlloc
LeaveCriticalSection
lstrcpynA
IsBadWritePtr
SetStdHandle
GetFileType
LoadResource
lstrlenW
GetLocaleInfoA
MulDiv
lstrcpyA
lstrlenA
WriteFile
ExitProcess
InitializeCriticalSection
MultiByteToWideChar
GetThreadLocale
GetCurrentProcess
RtlUnwind
GetModuleHandleA
FlushInstructionCache
GetStringTypeA
LCMapStringA
TlsSetValue
LoadLibraryExA
lstrcmpiA
QueryPerformanceCounter
SetHandleCount
GetStdHandle
InterlockedDecrement
FreeEnvironmentStringsW
GetVersionExA
GetACP
IsDBCSLeadByte
VirtualAlloc
FreeEnvironmentStringsA
HeapCreate
SizeofResource
CloseHandle
DisableThreadLibraryCalls
HeapAlloc
HeapFree
gdi32
DeleteObject
GetTextMetricsA
GetTextExtentPointA
GetDeviceCaps
SelectObject
CreateFontIndirectA
Sections
.text Size: 141KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 212KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ