b9d17a4951f589cd3a426164b1d035fa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b9d17a4951f589cd3a426164b1d035fa_JaffaCakes118
Size

165KB
MD5

b9d17a4951f589cd3a426164b1d035fa
SHA1

2adb5e5bb9fabeb73ebe82b2f950a10fe816f716
SHA256

4de067cdb8be3a426b91413061971e9a71c868b86c601fbea0eaabb2bf93bd7d
SHA512

b055582259bb38cc53b1cecee42573087a5246e180c145aec3ac1c45cbea5249deb6598be8d9397afae3f85d464fc7c7a2aec5f3ac82eff97ac32ae98ea0f3a2
SSDEEP

3072:N/bOSAR/fr8fpo7u1XorfhDeSN1PipJO/VqDF+C2LCuv+0WJupoB/E1Hb8l:5bOD5r0Qrfhv9s8IDF+1O0uoodgHwl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b9d17a4951f589cd3a426164b1d035fa_JaffaCakes118

Files

b9d17a4951f589cd3a426164b1d035fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54880f47c082dcdcd7082b2884b26eff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

kernel32

GlobalUnlock
lstrcmpW
SetEndOfFile
OutputDebugStringA
lstrcmpA
UnmapViewOfFile
RaiseException
SetEvent
ExitProcess
LCMapStringA
InitializeCriticalSection
CreateMutexA
HeapReAlloc
GetOEMCP
GetFullPathNameA
FreeLibrary
RtlUnwind
TerminateProcess
GetThreadIOPendingFlag
MultiByteToWideChar
GetTickCount
GetProcAddress
IsDBCSLeadByte
LoadLibraryW
ReleaseSemaphore
GetCPInfo
TransmitCommChar
SetHandleCount
GetStringTypeA
FlushFileBuffers
FileTimeToLocalFileTime
GetThreadPriority
GetStdHandle
GetEnvironmentStringsW
GetPriorityClass
CreateThread
GetCommandLineA
CreateFileMappingA
EnterCriticalSection
GetCurrentThreadId
HeapSize
LCMapStringW
CloseHandle
TlsFree
CreateSemaphoreA
TlsAlloc
TlsGetValue
InterlockedIncrement
LoadLibraryA
GetModuleFileNameA
GetCurrentProcess
SetLastError
SetPriorityClass
CompareStringA
EnumResourceNamesW
HeapDestroy
FreeEnvironmentStringsW
GlobalFree
lstrcpyA
GetStartupInfoA
WaitForSingleObject
SetStdHandle
HeapFree
GlobalAlloc
WritePrivateProfileStringA
GetTempPathW
HeapCreate
InterlockedExchange
CreateFileW
GetLastError
GetFullPathNameW
WriteFile
GetFileType
GetUserDefaultLCID
WideCharToMultiByte
IsBadReadPtr
GetDiskFreeSpaceExA
ExitProcess
FileTimeToSystemTime
ExitThread
FreeEnvironmentStringsA
MapViewOfFile
GetModuleHandleA
Sleep
CompareStringW
GetStringTypeW
GetSystemTime
GetPrivateProfileStringA
GetTempPathA
GetACP
ResetEvent
LeaveCriticalSection
GetEnvironmentVariableA
GetEnvironmentStrings
GetTimeZoneInformation
HeapAlloc
InterlockedDecrement
IsBadCodePtr
IsBadWritePtr
DeleteCriticalSection
GetTempFileNameA
UnhandledExceptionFilter
TlsSetValue
SetUnhandledExceptionFilter
SetEnvironmentVariableA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA

user32

wsprintfW
GetKeyState
wsprintfA
CharUpperA
CharNextA
MessageBoxA
CharLowerA

shlwapi

PathAddBackslashA

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54880f47c082dcdcd7082b2884b26eff

Headers

File Characteristics

Imports

msimg32

kernel32

advapi32

user32

shlwapi

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 23KB - Virtual size: 22KB

.crt Size: 512B - Virtual size: 72KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 22KB

.crt
Size: 512B - Virtual size: 72KB