a378f3c73a7f99733d0f61140bbbb6bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a378f3c73a7f99733d0f61140bbbb6bc_JaffaCakes118
Size

167KB
MD5

a378f3c73a7f99733d0f61140bbbb6bc
SHA1

39d43dfd168d5aacd514ece9004ae70abca64639
SHA256

9103f6798b314ad26973e5a934f94ff885a112e18addd490079d4f694e396d4e
SHA512

ca6c4481a57473b5271c91ef1a1ca1a1d8477ccc1d03f2a26011c77da5792b5b5fa9eab590dae8ca3a1e2562ac548da79184ebc9cfb37df1b794d8bc26304f6a
SSDEEP

3072:VCDyUX5ohkGkLBuSOflCq2Dl6efU/VTbOInO0DLmpBF/5:U2UXakmlV2Dl/fUdOInOxpb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a378f3c73a7f99733d0f61140bbbb6bc_JaffaCakes118

Files

a378f3c73a7f99733d0f61140bbbb6bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f24cff72b2a1b5331e51c61968b74e51

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFindExtensionA

gdi32

GetTextExtentPointA
SelectObject
GetTextMetricsA
GetDeviceCaps
DeleteObject
CreateFontIndirectA

user32

GetDialogBaseUnits
GetDC
ReleaseDC
IsDialogMessageA
GetDlgItemTextA
EnableWindow
SendMessageA
SetWindowLongA
SetDlgItemTextA
IsWindow
CheckDlgButton
ShowWindow
MoveWindow
IsDlgButtonChecked
GetDlgItem
WinHelpA
DestroyWindow
UnregisterClassA
CreateDialogParamA
CharNextA

kernel32

MultiByteToWideChar
GetACP
lstrcatA
WriteFile
UnhandledExceptionFilter
SetHandleInformation
GetLocaleInfoA
IsDBCSLeadByte
QueryPerformanceCounter
TlsGetValue
InterlockedIncrement
RaiseException
TlsSetValue
DisableThreadLibraryCalls
GetModuleHandleA
GetTickCount
FreeEnvironmentStringsA
FreeEnvironmentStringsW
TerminateProcess
VirtualProtect
TransmitCommChar
GetVersionExA
lstrcpynA
VirtualAlloc
SetFilePointer
GetSystemInfo
GetProcAddress
RtlUnwind
LoadLibraryA
SizeofResource
LoadResource
FreeLibrary
TlsFree
GetLastError
MulDiv
TlsAlloc
GetCPInfo
EnumResourceNamesW
GetOEMCP
IsBadCodePtr
GetStartupInfoA
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
IsBadReadPtr
FindResourceA
GetFileType
LCMapStringA
LCMapStringW
FlushInstructionCache
ExitProcess
HeapReAlloc
CloseHandle
InterlockedExchange
lstrcpyA
IsBadWritePtr
VirtualFree
GetEnvironmentStrings
ExitProcess
GetThreadLocale
GetStringTypeA
GetCurrentProcess
InterlockedDecrement
lstrlenW
LeaveCriticalSection
GetProcessHeap
GetStdHandle
GetCurrentProcessId
GetStringTypeW
GetModuleFileNameA
HeapDestroy
lstrcmpiA
DeleteCriticalSection
GetSystemTimeAsFileTime
lstrlenA
LoadLibraryExA
HeapCreate
LockResource
SetStdHandle
SetLastError
FlushFileBuffers
HeapAlloc
GetCommandLineA
HeapSize
EnterCriticalSection
GetEnvironmentStringsW
SetUnhandledExceptionFilter
SetHandleCount
InitializeCriticalSection
HeapFree

advapi32

RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA
RegQueryInfoKeyA

ole32

CoTaskMemAlloc
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f24cff72b2a1b5331e51c61968b74e51

Headers

File Characteristics

Imports

msimg32

shlwapi

gdi32

user32

kernel32

advapi32

ole32

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 42KB - Virtual size: 42KB

.crt Size: 512B - Virtual size: 64KB

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 42KB - Virtual size: 42KB

.crt
Size: 512B - Virtual size: 64KB