b1d59b015b938ab115eab33677c74889_JaffaCakes118

General

Target

b1d59b015b938ab115eab33677c74889_JaffaCakes118
Size

129KB
MD5

b1d59b015b938ab115eab33677c74889
SHA1

0c896040b61b94c7010433c77cbe8fafdc1706b2
SHA256

28b4cc323f68ac10c3d55561db8f82b46af6188c702139b731889fef06f2a58e
SHA512

51252e1104ec0df2d0456fd59657ee69be16558c633afa07062e2d6791c6764d749a0a2032058864a4572022be7822ad401bfa993501ca2afa46fd3a3cef5df1
SSDEEP

3072:joMlqwN6G9MRmdJ3CZGatq1wZqYcbWGsUcLRHb5TvcZ:jLlz2mdJ3CZGaklYgWGaL9b5TvI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1d59b015b938ab115eab33677c74889_JaffaCakes118

Files

b1d59b015b938ab115eab33677c74889_JaffaCakes118
.exe windows:4 windows x86 arch:x86

687550bf188aeeafbea52e7908bda473

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
ShowWindow
ReleaseDC
SendMessageW
CharNextW
GetWindowRect
LoadCursorA
MessageBoxA
GetSystemMetrics
IsChild
SendDlgItemMessageA
InvalidateRect
CharNextA
SetTimer
SetForegroundWindow
PostMessageA
EndDialog
CharPrevW
EnableWindow
wsprintfW
PeekMessageW
PostQuitMessage
GetSysColor
CharPrevA
GetSysColorBrush
SetCursor
IsCharLowerA
CreateWindowExA
KillTimer
TranslateMessageEx
GetParent
GetDlgItemTextA
RegisterClassExA
GetWindowLongA
SetDlgItemInt
DefWindowProcA
SetWindowPos
DispatchMessageW

kernel32

FatalAppExitW
GetLocaleInfoA
GetFileAttributesA
CompareStringA
GetDateFormatA
GetCurrencyFormatW
DeleteFileW
Beep
GetShortPathNameA
GetCalendarInfoA
lstrcpy
lstrcmpi
lstrlen
GetSystemTime
GetCommandLineW
GetFileInformationByHandle
WaitForSingleObjectEx
GetModuleFileNameW
lstrcmpA
WaitForSingleObject
GetStartupInfoW
CreateNamedPipeW

ntdll

RtlFindClearRuns
RtlFirstEntrySList
NtLoadDriver
RtlEnlargedUnsignedMultiply
ZwWriteRequestData
RtlIpv6StringToAddressExA
ZwQueryMultipleValueKey
ZwSetVolumeInformationFile
ZwAllocateVirtualMemory
_strcmpi
_ui64toa
RtlCompareMemory
RtlIsThreadWithinLoaderCallout
RtlInterlockedPushEntrySList
RtlFindNextForwardRunClear

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

687550bf188aeeafbea52e7908bda473

Headers

File Characteristics

Imports

user32

kernel32

ntdll

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 65KB - Virtual size: 84KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 65KB - Virtual size: 84KB

.rsrc
Size: 6KB - Virtual size: 5KB