a838f21ddd6b325ca9a5aef2effd9d03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a838f21ddd6b325ca9a5aef2effd9d03_JaffaCakes118
Size

74KB
MD5

a838f21ddd6b325ca9a5aef2effd9d03
SHA1

4e3c5f061e359e9cfeaaa168aeebccd4608d1890
SHA256

d519c9b8ac200d2ba9180b133b15ba8f0689a326104e38292abeaf840aac16da
SHA512

469b5665425a5b4903372caf0ef8c4b73de14feea18bfab8d56be1de552e423e4cb774854f64323278af0d0305f0f5ee12fd60bd6494f3cd64ff96465d82e3fa
SSDEEP

384:SxjbmlDVbNW/+0Mm+sJ8cU+P0QRfiHzJa+PguQmXt+trMMj+Z8VzkggvAU6noj73:+d/zJi+P0DlaMhQm8rMMiZ8Vzkg/CoA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a838f21ddd6b325ca9a5aef2effd9d03_JaffaCakes118

Files

a838f21ddd6b325ca9a5aef2effd9d03_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GlobalUnlock
GlobalFree
GetCurrentProcess
FreeLibrary
lstrcmpA
ExpandEnvironmentStringsA
GetTempPathA
CloseHandle
GetFileSize
Sleep
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetVersionExA
_llseek
ExitProcess
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GetTempFileNameA
GlobalAlloc
WaitForSingleObject
CreateDirectoryA
GetFileTime
GetUserDefaultLangID
FreeResource
GlobalLock
LoadResource
SizeofResource
FindResourceA
MulDiv
lstrcmpiA
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lcreat
SetFileTime
LoadLibraryA
GetProcAddress
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetExitCodeProcess
_lread
_lopen
LockResource

user32

SetWindowTextA
ReleaseDC
LoadStringA
CharNextA
DestroyWindow
GetDlgItemTextA
EndDialog
SendMessageA
CreateDialogParamA
EnumChildWindows
MessageBoxA
SetTimer
GetDlgItem
EnableWindow
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxParamA
ShowWindow

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f91519d4253225839077b954f9f8ede6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 512B - Virtual size: 4B

.rsrc Size: 46KB - Virtual size: 46KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 512B - Virtual size: 4B

.rsrc
Size: 46KB - Virtual size: 46KB