a3781b01d072a8af950deee33b4c5021_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a3781b01d072a8af950deee33b4c5021_JaffaCakes118
Size

3.9MB
MD5

a3781b01d072a8af950deee33b4c5021
SHA1

8b6de79e6061cdcbc2b85bb6d0a95a9dcf6ab91d
SHA256

0d200388068a9e6991eb5868bb4747686da10753cf0b2dce4b9781ce2ba3e192
SHA512

cceac1caaa38db545b37e837ab130ec8ceb1abb436c8779588675bb3b7c002d59bfef572993471cdfbc82658d178d0a28b2871115ea8125717542409e80d10b9
SSDEEP

49152:txJvDMrB1WNm5RKJKK1jTZ33C3QocxINLwSpO2pPjZR4FkdB/+:SrBkmTlEjTZ33+1xvpOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a3781b01d072a8af950deee33b4c5021_JaffaCakes118

Files

a3781b01d072a8af950deee33b4c5021_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a5d440be29f94726aa0a1eb790a96130

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncpy
malloc
free
memmove
modf
_CIpow
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_ftol
atoi
strtod
floor
sprintf
_strnicmp

kernel32

FreeLibrary
LCMapStringA
GlobalAlloc
GlobalLock
GlobalUnlock
CreateFileA
SetUnhandledExceptionFilter
GetModuleHandleA
OpenEventA
CreateEventA
SetHandleCount
SetErrorMode
GetTempPathA
CreatePipe
GetStartupInfoA
CreateProcessA
CloseHandle
ReadFile
VirtualAlloc
WriteFile
RtlMoveMemory
LoadLibraryA
GetProcAddress
VirtualFree
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
DeleteFileA

gdi32

SetTextColor
SelectObject
DeleteObject
CreateDIBitmap
CreateSolidBrush
CreatePatternBrush
SetBkMode

user32

DialogBoxParamA
GetDC
ReleaseDC
GetDlgItem
SendMessageA
SetWindowTextA
SetPropA
EndDialog
GetPropA
BeginPaint
GetClientRect
FillRect
EndPaint
ScreenToClient
SetForegroundWindow
TrackPopupMenu
GetFocus
GetWindowRect
GetParent
MoveWindow
SetWindowLongA
TrackMouseEvent
GetSubMenu
CallWindowProcA
CreateWindowExA
SetWindowPos
RegisterHotKey
GetWindowTextLengthA
GetWindowTextA
ShowWindow
EnableWindow
SetMenuItemInfoA
SetFocus
MessageBoxA
wsprintfA
GetCursorPos
SetCursor
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadMenuA
LoadCursorA
LoadBitmapA
SetClassLongA
LoadIconA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.8MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a5d440be29f94726aa0a1eb790a96130

Headers

File Characteristics

Imports

msvcrt

kernel32

gdi32

user32

shell32

shlwapi

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 3.8MB - Virtual size: 3.9MB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 3.8MB - Virtual size: 3.9MB

.rsrc
Size: 24KB - Virtual size: 21KB