a8d9d76ed48f5d2f4343577b8b72c5e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8d9d76ed48f5d2f4343577b8b72c5e6_JaffaCakes118
Size

252KB
MD5

a8d9d76ed48f5d2f4343577b8b72c5e6
SHA1

f6522be4eb88d6666f429bd7c2e8f758b5ce8a2a
SHA256

21ffdcfec2facc44ddbd578c4bbeb3a6fee6dc56f23bead0281597879870af9d
SHA512

5ea5880f961e564b433b4ed91cac689a74a78cc6c342e16835284634a730ccde9adc5cb7670dbd837f97866d75d15554d083d77bdda24f8fcd6832aa3a74b63b
SSDEEP

6144:+gJQMkT6xVoHvKkw7JBptp3xUDxbcPpodJs:1NuykupidG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8d9d76ed48f5d2f4343577b8b72c5e6_JaffaCakes118

Files

a8d9d76ed48f5d2f4343577b8b72c5e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63f8c2370c5cc615767cdcab339f3048

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
GetProcAddress

user32

GetSystemMetrics
RegisterClassExA
GetDCEx
GetCapture
GetCaretPos
DestroyIcon
wsprintfW
UnregisterClassA
CreateDesktopA
GetSubMenu
TrackPopupMenuEx
CreateWindowExW
CharNextA
wvsprintfW
GetAsyncKeyState
MessageBoxA
GetDlgItemTextA
MoveWindow
UpdateLayeredWindow
MonitorFromWindow
AdjustWindowRect

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

usp10

ScriptGetProperties
ScriptGetGlyphABCWidth
LpkPresent
ScriptStringOut
ScriptXtoCP
ScriptString_pcOutChars
ScriptTextOut
ScriptStringValidate

gdi32

CreateColorSpaceA
CreateICW
CreateICA
CreateCompatibleDC
CreateEllipticRgn
CreateScalableFontResourceW
GetEnhMetaFileW

t2embed

TTEnableEmbeddingForFacename
TTEmbedFont
TTDeleteEmbeddedFont

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.icode
Size: 4KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 83KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 130KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63f8c2370c5cc615767cdcab339f3048

Headers

File Characteristics

Imports

kernel32

user32

advapi32

usp10

gdi32

t2embed

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 51KB

.icode Size: 4KB - Virtual size: 266KB

.edata Size: 83KB - Virtual size: 101KB

.edata Size: 4KB - Virtual size: 179KB

.data Size: 7KB - Virtual size: 345KB

.edata Size: 130KB - Virtual size: 137KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 51KB

.icode
Size: 4KB - Virtual size: 266KB

.edata
Size: 83KB - Virtual size: 101KB

.edata
Size: 4KB - Virtual size: 179KB

.data
Size: 7KB - Virtual size: 345KB

.edata
Size: 130KB - Virtual size: 137KB

.rsrc
Size: 3KB - Virtual size: 3KB