ba292ffb1167b1b7512f93889fd4070c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ba292ffb1167b1b7512f93889fd4070c_JaffaCakes118
Size

15KB
MD5

ba292ffb1167b1b7512f93889fd4070c
SHA1

1a45487f72c289b7b9ebbc62a76ce8d6946285b5
SHA256

b9f4b3658eaf27a619084d4095e8fcfea79f9330c5054d91a5c66b706ea829bb
SHA512

0a79df5d7804d8c3437abe5c4ccdfacf28b34552b4fcc97a7a6349e464d9f710253e24cc95de067b21455828b27c00909c67c83a0b7cf1718eba072fee12cfdd
SSDEEP

192:5+lbqHSP6pooKFH2OsMfZSDk2Rcq/yiz4AgS8KcBOas7XIZ8LU63At:5iOHSP6pobp2h0Svc3S8xBfsTIZMTU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba292ffb1167b1b7512f93889fd4070c_JaffaCakes118

Files

ba292ffb1167b1b7512f93889fd4070c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

40371f37edb23e4b0ddbd5c34834dfd4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalDeleteAtom
IsDebuggerPresent
CloseHandle
GetACP
GetUserDefaultLCID
GetOEMCP
BeginUpdateResourceA
lstrcpyA
ReleaseMutex
lstrcpyW
ContinueDebugEvent
FlushInstructionCache
GetThreadPriorityBoost
Module32Next
SetConsoleCP
GetVersionExW
GetCommandLineW
GetStartupInfoA
GetFileTime
GetConsoleWindow
DeleteFileW
DebugActiveProcess
GetSystemWindowsDirectoryA
GetExitCodeThread
CopyFileA
GetFileAttributesW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetAtomNameW
OpenProcess
GlobalFindAtomA
GetFileType
ResumeThread
LoadLibraryA
GetPriorityClass
CreateToolhelp32Snapshot
VirtualAlloc
WaitForSingleObject
CreateEventA
GetProcAddress
IsBadReadPtr
VirtualProtect
ExitProcess
VirtualFree
GetModuleHandleA

user32

IsWindowEnabled
GetClipboardSequenceNumber
GetProcessWindowStation
GetKeyboardLayout
GetFocus
IsMenu
GetMenuItemCount
DestroyCaret
IsWindow
HideCaret
GetClipboardOwner
GetCaretPos
GetProcessDefaultLayout
IsZoomed
GetAsyncKeyState
GetCursorInfo
GetMenuItemID
GetCursor
GetClipboardViewer
FindWindowA
IsChild
PostQuitMessage
DestroyWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

winscard

SCardEstablishContext
SCardReleaseContext

winmm

PlaySoundA

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40371f37edb23e4b0ddbd5c34834dfd4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winscard

winmm

Sections

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 200KB

.text Size: 122KB - Virtual size: 121KB

.rsrc Size: 38KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 200KB

.text
Size: 122KB - Virtual size: 121KB

.rsrc
Size: 38KB - Virtual size: 38KB