a57ef204ebc77a140980cda88a01cc03_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a57ef204ebc77a140980cda88a01cc03_JaffaCakes118
Size

162KB
MD5

a57ef204ebc77a140980cda88a01cc03
SHA1

75cad4f8138bc4b6b532b79b28b1b52a123a5854
SHA256

294922872875a1b63b013fc08f6f77c46a732f5c178ec2be2b950ffa3412d148
SHA512

1db6363a519fd5b2b1052c2493c0a50a24278d2d06475d87bf8f70f67be1c90f3f9af292f21a621cce384a1d2e94344d746c93a8468f2151e6a2a52d6adeaaf4
SSDEEP

3072:kVoZlmAQqg9ooe0HlE8TQKpvsoxqMdeAHqYxWujNFFy8zhRTciO:Yo2AQz9ooe0HqjCsoxqMdeARWYzzvQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a57ef204ebc77a140980cda88a01cc03_JaffaCakes118

Files

a57ef204ebc77a140980cda88a01cc03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5891413bec584f5334e7ac3315a8955

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperA
GetKeyState
wsprintfW
MessageBoxA
wsprintfA
CharNextA
CharLowerA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA

kernel32

ResetEvent
GlobalUnlock
CloseHandle
HeapAlloc
FlushFileBuffers
EnterCriticalSection
ExitProcess
InitializeCriticalSection
GetTickCount
GetLastError
lstrcpyA
CompareStringW
FileTimeToSystemTime
HeapReAlloc
GetTempPathA
GetThreadIOPendingFlag
GetEnvironmentVariableA
SetStdHandle
GetACP
SetEndOfFile
HeapDestroy
TransmitCommChar
Sleep
UnmapViewOfFile
GetEnvironmentStrings
IsDBCSLeadByte
IsBadReadPtr
TlsAlloc
FreeEnvironmentStringsW
WritePrivateProfileStringA
GetPriorityClass
HeapSize
CompareStringA
InterlockedDecrement
WaitForSingleObject
MultiByteToWideChar
FreeEnvironmentStringsA
IsBadWritePtr
GetCPInfo
RtlUnwind
RaiseException
DeleteCriticalSection
CreateFileW
SetUnhandledExceptionFilter
GetEnvironmentStringsW
CreateSemaphoreA
GetFullPathNameW
SetEvent
GetStringTypeW
SetLastError
GlobalFree
SetPriorityClass
GetUserDefaultLCID
CreateMutexA
GetOEMCP
GetTempFileNameA
IsBadCodePtr
CreateFileMappingA
TlsSetValue
GetTimeZoneInformation
FileTimeToLocalFileTime
EnumResourceNamesW
ReleaseSemaphore
GetCurrentThreadId
GetCurrentProcess
GetCommandLineA
lstrcmpA
GetTempPathW
WriteFile
LoadLibraryA
GetSystemTime
CreateThread
FreeLibrary
OutputDebugStringA
GetProcAddress
TerminateProcess
LoadLibraryW
TlsGetValue
GetThreadPriority
LeaveCriticalSection
ExitProcess
GetModuleHandleA
InterlockedIncrement
GetStringTypeA
UnhandledExceptionFilter
GetFileType
GetModuleFileNameA
InterlockedExchange
GetStdHandle
LCMapStringW
GlobalAlloc
LCMapStringA
WideCharToMultiByte
GetFullPathNameA
HeapCreate
HeapFree
lstrcmpW
GetPrivateProfileStringA
TlsFree
SetHandleCount
ExitThread
GetStartupInfoA
GetDiskFreeSpaceExA
MapViewOfFile
SetEnvironmentVariableA

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathAddBackslashA

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5891413bec584f5334e7ac3315a8955

Headers

File Characteristics

Imports

user32

advapi32

kernel32

msimg32

shlwapi

Sections

.text Size: 134KB - Virtual size: 133KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 22KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 134KB - Virtual size: 133KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 22KB

.crt
Size: 512B - Virtual size: 72KB