a372e040fd6d3cc4ac03a7a1d8c1d62d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a372e040fd6d3cc4ac03a7a1d8c1d62d_JaffaCakes118
Size

182KB
MD5

a372e040fd6d3cc4ac03a7a1d8c1d62d
SHA1

bedd7292552cc2018b8a5941e7ab312c84833380
SHA256

5a504a36c617cd84fe553869040506769abbb633b45a99b4414e67e9aa2e50ee
SHA512

def5aee653d83cacbc814d1fac52597647da6b2b69c680fa7ad268fc3060e102e48f736c01ad64ae551981bfed25614d21e05e4bdc1e2fda64d93d1e2d94cac9
SSDEEP

3072:OB3LJEl6ZHxOUOI4a/2kCJudAUX1hdK+CSADazk7YaMfK8XU27YHVq3YKw9/37:09HgTt7klXFFdk7YaSvV7YF1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a372e040fd6d3cc4ac03a7a1d8c1d62d_JaffaCakes118

Files

a372e040fd6d3cc4ac03a7a1d8c1d62d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b38885c1bf3d38bdeca6e30eb3780da3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

GetRunningObjectTable
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoTaskMemFree
StringFromCLSID
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal
CoFreeUnusedLibraries
CoUninitialize
CreateItemMoniker
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc

quartz

AMGetErrorTextW

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueA
RegSetValueExA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegCloseKey
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA

user32

GetQueueStatus
GetMessageA
RegisterClassA
CopyRect
MsgWaitForMultipleObjects
wvsprintfA
RegisterWindowMessageA
LoadStringA
MonitorFromWindow
wsprintfA
CreateWindowExA
PostThreadMessageA
DispatchMessageA
PeekMessageA
DestroyWindow

kernel32

CreateMutexA
HeapFree
GetModuleFileNameW
TerminateThread
GetTapeParameters
LocalFree
LoadResource
LoadLibraryW
GetModuleFileNameA
CreateEventA
GetSystemTimeAsFileTime
CreateFileW
VirtualFree
ClearCommError
IsBadWritePtr
Sleep
GetSystemTime
DeleteCriticalSection
VirtualAlloc
WaitForMultipleObjects
FreeLibrary
ResumeThread
IsBadReadPtr
MultiByteToWideChar
GetVersionExA
LoadLibraryA
FindResourceA
GetLastError
WideCharToMultiByte
GetCurrentThread
InterlockedIncrement
EnumResourceNamesA
CreateSemaphoreA
GlobalAlloc
GetTickCount
GetThreadPriority
InterlockedDecrement
ReleaseMutex
FatalExit
SetEvent
CreateThread
lstrlenA
GetSystemInfo
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
GetACP
GetProcessHeap
LockResource
WaitForSingleObject
LeaveCriticalSection
GetExitCodeThread
GetProcAddress
GetCurrentProcessId
SetThreadPriority
QueryPerformanceCounter
DisableThreadLibraryCalls
ResetEvent
CloseHandle
ReleaseSemaphore
ExitProcess

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b38885c1bf3d38bdeca6e30eb3780da3

Headers

File Characteristics

Imports

ole32

quartz

advapi32

shell32

user32

kernel32

winmm

Sections

.text Size: 124KB - Virtual size: 124KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 53KB - Virtual size: 52KB

.lib Size: 512B - Virtual size: 236KB

.text
Size: 124KB - Virtual size: 124KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 53KB - Virtual size: 52KB

.lib
Size: 512B - Virtual size: 236KB