Static task
static1
Behavioral task
behavioral1
Sample
a3e667c89b7ccdf0a511cdfc9fa07086_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a3e667c89b7ccdf0a511cdfc9fa07086_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: a3e667c89b7ccdf0a511cdfc9fa07086_JaffaCakes118
Size: 208KB
MD5: a3e667c89b7ccdf0a511cdfc9fa07086
SHA1: 90cf0409d8fba4068d7b5ad58527b637a634f807
SHA256: 0cccb1f7efd7946880948ea7b463e017183f724794f50c645a1dbdb877500c1c
SHA512: d3817f981bb81112dfc9a7f5c60d7aedda4d0d4a5421aeb5cc6a56ac22747ba236933a023f2ec227112ffb9f4540778e043e3c397586669564c4e08ae34a0ac3
SSDEEP: 6144:T/av6AYLMVtZmwDRdVXE2FWwnx+Hgbf9ArcOVw:pAYQbZmwx0gPT9iO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3e667c89b7ccdf0a511cdfc9fa07086_JaffaCakes118
Files
a3e667c89b7ccdf0a511cdfc9fa07086_JaffaCakes118.exe windows:4 windows x86 arch:x86
1bd39affd7edf4c93d919368971bfc5a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcessId
QueryDosDeviceA
GetOEMCP
GetSystemDefaultLangID
GetBinaryTypeW
IsProcessorFeaturePresent
GlobalAddAtomA
QueryDosDeviceW
LCMapStringA
RemoveDirectoryA
GlobalGetAtomNameW
FindResourceExW
SizeofResource
GetLargestConsoleWindowSize
FatalAppExitA
OpenSemaphoreW
FreeLibrary
GetProcessTimes
GlobalUnlock
GetCurrentDirectoryW
FreeLibraryAndExitThread
GetACP
GetModuleHandleA
FindFirstFileW
EnumResourceNamesW
SearchPathW
FindResourceExA
CancelIo
CreateWaitableTimerA
SetConsoleOutputCP
WritePrivateProfileStringA
GetConsoleCursorInfo
SetEvent
lstrcatW
ReleaseMutex
DeleteCriticalSection
EnumResourceLanguagesW
SetThreadPriorityBoost
OpenFile
CreatePipe
FindNextChangeNotification
VirtualAlloc
GetTimeZoneInformation
WriteProcessMemory
SetLastError
FindCloseChangeNotification
LoadResource
GetStartupInfoA
user32
SendDlgItemMessageA
MenuItemFromPoint
BringWindowToTop
InvalidateRgn
GetWindowInfo
DestroyIcon
GetCursor
SwitchToThisWindow
LoadStringA
CallNextHookEx
LoadImageA
gdi32
PtInRegion
SwapBuffers
CreateDCA
GetRgnBox
GetTextExtentPointA
StrokePath
LPtoDP
GetROP2
comdlg32
FindTextA
GetSaveFileNameW
advapi32
GetServiceKeyNameW
RegLoadKeyA
IsValidAcl
RegReplaceKeyW
SetFileSecurityA
LookupPrivilegeValueW
LookupAccountSidW
CryptAcquireContextW
RegRestoreKeyA
RegFlushKey
comctl32
ImageList_EndDrag
ImageList_Create
ImageList_Replace
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerFindFileA
ws2_32
getprotobyname
listen
inet_addr
WSAEnumProtocolsW
WSACancelAsyncRequest
WSANtohl
gethostname
WSARemoveServiceClass
WSAStartup
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_itow
_wcsnset
_wsopen
swprintf
strncpy
freopen
strpbrk
isleadbyte
iswctype
_close
vfprintf
_finite
longjmp
_sopen
ctime
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 196KB - Virtual size: 193KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE