af8e206a05558b4d96520447a320aba5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af8e206a05558b4d96520447a320aba5_JaffaCakes118
Size

432KB
MD5

af8e206a05558b4d96520447a320aba5
SHA1

d15d5269908678174508e00105bedbe87668485f
SHA256

8a271232d106311871df7ab989652d9c068f1695289ebc75fbb9ca5bfc3a1031
SHA512

ef3dc5b024f81398e5a188a6ebe7d408a813f8e91b29d62e541b790c07e7836cf58e38c6643e023c62e76e275131bb7c04b29276a1c183d01c04e306352a7c20
SSDEEP

6144:+WaZCtxqPsAu5TVFYJgYJXmvoSgiY9NYgdizAe1wEJ219nDnxpOqp1ih2XEwBGY/:+W6CtJ5TVyCk2HZAP89ty1rTp1ibr6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af8e206a05558b4d96520447a320aba5_JaffaCakes118

Files

af8e206a05558b4d96520447a320aba5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88f1ce6f32471fd14eb9e1aaa3de4de5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock
GlobalAddAtomA
GlobalDeleteAtom
GlobalUnlock
GlobalFree
LocalAlloc
LocalLock
LocalUnlock
LocalFree
lstrcmpA
CreateEventA
CloseHandle
CopyFileA
CreateFileA
lstrlenW
GetVersionExW
lstrcmpiW
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
ExpandEnvironmentStringsA
SetEvent
WaitForSingleObject
ResetEvent
OutputDebugStringA
DisableThreadLibraryCalls
GetProcAddress
lstrcpynW
CreateProcessW
FormatMessageW
GetWindowsDirectoryW
InterlockedDecrement
GetCurrentProcess
GetModuleFileNameW
lstrcpyW
GetLocalTime
GetSystemTime
lstrcatW
CreateDirectoryW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
VirtualAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
GetSystemInfo
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId
GlobalAlloc
GlobalGetAtomNameA
lstrcmpiA
GlobalSize
GlobalFindAtomA
GetCommandLineA
InterlockedIncrement
VirtualProtect
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
VirtualQuery
GetVersionExA
GetStartupInfoA
RtlUnwind
GetModuleHandleA

user32

UnpackDDElParam
GetWindow
FreeDDElParam
PackDDElParam
SendMessageA
RemovePropA
GetPropA
SetPropA
wsprintfW
LoadStringW
CharNextW
DestroyWindow
GetWindowLongA
GetParent
PostMessageA
SetTimer
SetWindowLongA
SetWindowWord
CreateWindowExA
EnumPropsA
EnumChildWindows
IsWindow
KillTimer
GetDesktopWindow
GetWindowThreadProcessId
GetClassNameA

advapi32

RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegCreateKeyW
RegOpenKeyW
RegCloseKey

gdi32

GetObjectA
SetBitmapBits
CreateBitmap
CopyEnhMetaFileA
DeleteMetaFile
DeleteObject
GetBitmapBits
DeleteEnhMetaFile

ole32

CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoImpersonateClient
CoRevertToSelf
StringFromGUID2

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88f1ce6f32471fd14eb9e1aaa3de4de5

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 304KB - Virtual size: 602KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 304KB - Virtual size: 602KB

.rsrc
Size: 10KB - Virtual size: 9KB