b70d66f33ffca0b75da7a89547dc2be6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b70d66f33ffca0b75da7a89547dc2be6_JaffaCakes118
Size

263KB
MD5

b70d66f33ffca0b75da7a89547dc2be6
SHA1

afce95c709f431657bb48d0f7c4f75ba40faba57
SHA256

45ecff239c2b0b531b1feff027cdd591e8831ebf8cfcdfb84a4a7bd83b92fcaa
SHA512

124eee7a3f47d9bc1b8aeb0a87aca3703e93b909bafe92cb940fe0fbf12cfc63196a669ef155a76abd6cbae3679ac4fd091c1c4fedc60c98a2ba397259d661c2
SSDEEP

6144:PWdaRlz4yfTeodFOQsVnWvOEABPDF1zAaC77byuXqYu:P8KlzAodFOQGnVEcDnPC77byuXHu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b70d66f33ffca0b75da7a89547dc2be6_JaffaCakes118

Files

b70d66f33ffca0b75da7a89547dc2be6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6362446c7a75aaaa8cdad4b5b9fd1f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

WindowFromPoint
GetCursor
ReleaseDC
SetActiveWindow
LoadImageA
FindWindowA
DefMDIChildProcA
EnumChildWindows
IsDialogMessageA
IsWindow
GetScrollPos
FillRect
GetDC
LoadCursorA
SetClipboardViewer
SetCursorPos
RegisterClassA
GetCaretBlinkTime
DestroyCursor
GetActiveWindow
SendMessageA
GetScrollInfo
GetKeyboardLayout
IsWindowEnabled
DestroyIcon
GetMenuItemCount
CreateWindowExW
GetCursorPos
GetWindowLongA
GetClipboardFormatNameA
CallWindowProcW
GetKeyState
GetClientRect
IsDialogMessageW
DrawFrameControl
SetParent
PeekMessageA

gdi32

FillRgn
ExtTextOutA
Polygon
GetRgnBox
GetRasterizerCaps
SetMetaFileBitsEx
PatBlt
PlayMetaFileRecord
DeleteEnhMetaFile
CreateDIBitmap
DeleteDC
Escape
SetWindowExtEx

fdefgex

_FSnan
_Inf
_LNan
_LDscale
_FNan
_FExp
_FXbig
_Dscale
_FSinh

advapi32

RegQueryValueExW
RegOpenKeyA

ntdll

ZwOpenMutant
RtlCompareMemory
NtProtectVirtualMemory
NtQueryInformationProcess
NtQuerySection
NtSetDefaultLocale
NtReadFile
ZwSetEvent

kernel32

lstrlenW
HeapFree
GetLastError
WideCharToMultiByte
DeleteCriticalSection
GlobalDeleteAtom
GetCommandLineW
CompareFileTime
GlobalReAlloc
GetSystemTime
GetCurrentThread
lstrcmpW
SizeofResource
FileTimeToDosDateTime
InterlockedDecrement
HeapReAlloc
GetOEMCP
GetEnvironmentStringsW
GetEnvironmentStrings
SetErrorMode
WaitForSingleObject
GlobalMemoryStatus
TerminateProcess
FreeEnvironmentStringsA
ResetEvent
SetPriorityClass
LoadResource
GetCurrentThreadId
FileTimeToLocalFileTime
WaitForMultipleObjects
HeapSize
SearchPathA
Sleep
GetSystemTime
GlobalAlloc
LocalFree
ReadFile
lstrlenA

ole32

CoFreeUnusedLibraries
OleRun
MkParseDisplayName
StringFromCLSID
CoLockObjectExternal
RevokeDragDrop
OleQueryLinkFromData
OleLoad
WriteClassStg
OleRegEnumVerbs

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6362446c7a75aaaa8cdad4b5b9fd1f4f

Headers

DLL Characteristics

File Characteristics

Imports

user32

gdi32

fdefgex

advapi32

ntdll

kernel32

ole32

Sections

.text Size: 156KB - Virtual size: 156KB

.data Size: 52KB - Virtual size: 51KB

.rsrc Size: 53KB - Virtual size: 56KB

.text
Size: 156KB - Virtual size: 156KB

.data
Size: 52KB - Virtual size: 51KB

.rsrc
Size: 53KB - Virtual size: 56KB