a7ddfd02268ab0778b88622a530c2040_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7ddfd02268ab0778b88622a530c2040_JaffaCakes118
Size

999KB
MD5

a7ddfd02268ab0778b88622a530c2040
SHA1

ac639e712fa817fdf40b8794dd5d0dbfd77f2b88
SHA256

1a11b60547698fd84b88e0598a22ba8ce38e41464d2e43f8171d678738f10918
SHA512

5616e3650ab42ad4e65ca52db66da6e39fae8f8a9169a21497e3bbe5725613f0cf353438f9399715a4d4318a14650d8afc7f8cbeddd64b4c7b8d773891a1b6ab
SSDEEP

12288:qJkiDNS8aLfAKfUb80kUW2lDkbFL4sQ6ra/PDnuBUG3JIRsCX+P0bTaRfe2:cIRxWkUW2NKg2wrSUXzOP0KRf3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7ddfd02268ab0778b88622a530c2040_JaffaCakes118

Files

a7ddfd02268ab0778b88622a530c2040_JaffaCakes118
.exe windows:4 windows x86 arch:x86

baeb059c0788a12b263b7e83cbaa4b99

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SafeArrayGetLBound
SafeArrayRedim

kernel32

GetTickCount
WritePrivateProfileSectionA
WriteFile
GenerateConsoleCtrlEvent
FormatMessageA
IsBadWritePtr
SetFileAttributesA
IsProcessorFeaturePresent
GetUserDefaultLangID
GetProcessTimes
GetCommConfig
SetCommTimeouts
GetDateFormatA
FindResourceExA
VirtualQuery
GetAtomNameA
GlobalGetAtomNameW
OutputDebugStringA
ReadConsoleOutputA
GetShortPathNameA
PeekConsoleInputW
OpenMutexA
GetVolumeInformationW
SetProcessAffinityMask
EnumCalendarInfoW
EnumCalendarInfoA
VirtualQueryEx
MoveFileW
FindResourceExW
VirtualProtect
VirtualLock
GetLongPathNameA
GetHandleInformation
CompareStringA
SetConsoleActiveScreenBuffer
GetSystemDefaultLangID
CreatePipe
GetDiskFreeSpaceExA
PeekNamedPipe
SetCommMask
ExitProcess
GetBinaryTypeA
GetFileType

user32

IsCharAlphaW
AppendMenuA
GetClipboardFormatNameA
SetWindowPlacement
FrameRect
GetClipboardData
SetClipboardData
GetAncestor
PeekMessageA
OpenClipboard
TranslateMessage
ReleaseCapture
SendInput
CreateWindowStationW
GetWindowTextLengthW

shell32

SHGetSpecialFolderPathW
SHGetDesktopFolder

advapi32

RegSetValueW
NotifyChangeEventLog
EnumDependentServicesW
CryptExportKey
IsValidSid
GetSecurityDescriptorGroup
OpenSCManagerW
IsTextUnicode
GetServiceDisplayNameA
CryptVerifySignatureA
CryptEncrypt

msvcrt

rand
_getpid
_mbstrlen
_sleep
_wcsdup
_wchmod
_ecvt

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 497KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

baeb059c0788a12b263b7e83cbaa4b99

Headers

File Characteristics

Imports

oleaut32

kernel32

user32

shell32

advapi32

msvcrt

Sections

.text Size: 270KB - Virtual size: 269KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 497KB - Virtual size: 496KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 270KB - Virtual size: 269KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 497KB - Virtual size: 496KB

.rsrc
Size: 17KB - Virtual size: 16KB