Static task
static1
Behavioral task
behavioral1
Sample
a7c01fc692deda436ca8d2c9e5282625_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a7c01fc692deda436ca8d2c9e5282625_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a7c01fc692deda436ca8d2c9e5282625_JaffaCakes118
Size
82KB
MD5
a7c01fc692deda436ca8d2c9e5282625
SHA1
6c73ef392d71545bf9c4301aa67971f4d4f37025
SHA256
c30871e7dbee9340a6bf2c4d6e276e37e03d098c452e94dceb922a2a7e90a989
SHA512
cdbf6ff1056f478234cb49ae37c7ebd3923109349062bc3c3c51108371046e584a75f384fecd727a0390d39bc1ef6376f7c24ce318d191cdced1104ac765cded
SSDEEP
1536:8KD7XhBv+8t7mPa5/uuV0xBF2S4JNAL8qmXSMaAAkxCkNHRCmd4fbDP:PD7hBvrRmYC54JNOXcSMmkwERLd4P
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a7c01fc692deda436ca8d2c9e5282625_JaffaCakes118
Files
a7c01fc692deda436ca8d2c9e5282625_JaffaCakes118.exe windows:5 windows x86 arch:x86
d1a7cbfbfc5350ab965b34eb7b6950da
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_beep
_itow
_beginthread
_wcsnicmp
free
wcscat
exit
_wtoi
iswdigit
_except_handler3
malloc
wcscpy
wcsncpy
wcschr
_chdir
_purecall
kernel32
DisableThreadLibraryCalls
QueryPerformanceCounter
MultiByteToWideChar
SystemTimeToFileTime
LocalFree
GetSystemTimeAsFileTime
FormatMessageW
GetModuleHandleW
Sleep
GetCurrentProcess
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
lstrcmpiW
GetVersionExW
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
DeleteCriticalSection
FileTimeToSystemTime
GetComputerNameW
FileTimeToLocalFileTime
InitializeCriticalSection
CompareStringW
VirtualAlloc
LocalAlloc
GetSystemTime
GetTimeFormatW
GetACP
GetComputerNameExW
CreateFileW
GetTickCount
GetCurrentProcessId
SetUnhandledExceptionFilter
InterlockedIncrement
lstrlenW
SetLastError
GetDateFormatW
GetModuleFileNameW
LocalReAlloc
GetEnvironmentVariableW
winmm
auxSetVolume
crypt32
CertFreeCertificateContext
CryptDecodeObjectEx
CertCreateCertificateContext
advapi32
LsaOpenPolicy
RegEnumValueW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
LsaRetrievePrivateData
LsaFreeMemory
RegQueryInfoKeyW
RegQueryValueExW
LsaClose
ole32
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
StringFromCLSID
comctl32
PropertySheetW
ntdll
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceShared
RtlDeleteResource
RtlAcquireResourceExclusive
certcli
CAGetCertTypeProperty
CACloseCertType
CAFindCertTypeByName
CAFreeCertTypeProperty
user32
wsprintfW
LoadStringW
SetWindowLongW
GetParent
EnableWindow
SendMessageW
MessageBoxW
WinHelpW
GetDlgItem
GetWindowLongW
Sections
.textbss Size: - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 836B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 468B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE