a83e5262eb6aa647698c7234cd81b60f_JaffaCakes118

General

Target

a83e5262eb6aa647698c7234cd81b60f_JaffaCakes118
Size

72KB
MD5

a83e5262eb6aa647698c7234cd81b60f
SHA1

b1143e995591767ce55468f236f7adf38dee6883
SHA256

5eddd8539355d9055d06aef8b1e7e9fe8ba86bde8ae2e54f9f166be339b5564d
SHA512

28bc0b9a79fb47ee96acc97f3a2b1a86325c323149acd8c279097b1f5e0045fa280af91992986c7838ae44e5ce80d6d25a294e5f645a6ab29ccda6003fe0d564
SSDEEP

1536:ytxajATekV7pnMGAegdLgTXkdh+wCTy61:CoUKdoP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a83e5262eb6aa647698c7234cd81b60f_JaffaCakes118

Files

a83e5262eb6aa647698c7234cd81b60f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

30fc0d2cdfa5161cb366563b4fb99e8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strncmp
strncpy
malloc
free
modf
_ftol
atoi
sprintf

kernel32

RtlMoveMemory
GetCurrentProcess
ReadProcessMemory
lstrcpynA
LocalSize
RtlZeroMemory
GetCurrentThreadId
GetModuleHandleA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
LCMapStringA
MulDiv

user32

UnhookWindowsHookEx
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetAsyncKeyState
DefWindowProcA
GetDlgItem
IsWindow
DestroyWindow
SetFocus
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
GetWindowRect
ScreenToClient
MoveWindow
SetWindowPos
PostMessageA
SetParent
IsWindowVisible
ShowWindow
IsWindowEnabled
EnableWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
MessageBoxA
SetPropA
GetPropA
RemovePropA
GetDC
ReleaseDC
wsprintfA
GetParent
ClientToScreen
DefFrameProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
FindWindowA
EndDialog
SendMessageA
DialogBoxParamA
LoadIconA
GetClassLongA

comctl32

ord17

gdi32

SetTextColor
SetBkMode
GetStockObject
SetBkColor
DeleteObject
GetDeviceCaps
CreateFontA
GetObjectA
CreateSolidBrush

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

30fc0d2cdfa5161cb366563b4fb99e8c

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

comctl32

gdi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 50KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 50KB

.rsrc
Size: 16KB - Virtual size: 14KB