bab13f25d0e3d9de6ca8065f0947ec39_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bab13f25d0e3d9de6ca8065f0947ec39_JaffaCakes118
Size

48KB
MD5

bab13f25d0e3d9de6ca8065f0947ec39
SHA1

cdd6ca207e7f3d1b3ce9d22284a5614a32748866
SHA256

2b58ad79b67b5558a967b7bdd6764eeacbdb68261822637b63e94dc5359ea51d
SHA512

16b231bbc3afed23550f33adc566c772a0c257cdc81b9b3615bb251a7f657fdd3f1f5093a54bc5f57e17eda30e6552b9a48b5bfa1e4ac7a75e0d456aec762bee
SSDEEP

768:IA7Iqixnt/eDVruAB4/cCjgUWNCt0hRIOdx41zaResO0zaZNan8+ztERre4tbi:IA7fwuyWQZcrNzRXGORrazaXuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bab13f25d0e3d9de6ca8065f0947ec39_JaffaCakes118

Files

bab13f25d0e3d9de6ca8065f0947ec39_JaffaCakes118
.exe windows:4 windows x86 arch:x86

218cee7af2ab439f132684e3468874fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA

kernel32

GetWindowsDirectoryA
GetTickCount
SetEvent
GetProcAddress
lstrcmpA
GetModuleHandleA
HeapFree
LocalAlloc
GetModuleFileNameA
LoadLibraryA
lstrcpyA
InterlockedDecrement
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
GetSystemDirectoryA
LocalFree
lstrcatA
CreateFileA
CreateThread
HeapSize
VirtualAlloc
CreateEventA
GetDiskFreeSpaceA
lstrlenA
HeapAlloc
lstrcmpiA
CloseHandle
GetProcessHeap
InterlockedIncrement
HeapReAlloc
FreeLibrary

advpack

RegInstall

user32

DestroyIcon
LoadBitmapA
IsDialogMessageA
ShowWindow
LoadStringA
LoadImageA
GetSysColor
DrawTextA
SetWindowLongA
SendDlgItemMessageA
DispatchMessageA
CheckDlgButton
GetWindowRect
MessageBoxA
EnableWindow
GetDC
wsprintfA
SendMessageA
ReleaseDC
GetWindowTextA
GetWindowLongA
DestroyWindow
CreateDialogParamA
InvalidateRect
GetDlgItem
EndDialog
SetWindowPos
IsWindow
CharUpperA
DialogBoxParamA
TranslateMessage
MsgWaitForMultipleObjects
IsDlgButtonChecked
CharPrevA
SetDlgItemTextA
GetClientRect
SetWindowTextA
PeekMessageA

atl

AtlMarshalPtrInProc

gdi32

GetDeviceCaps
SetTextColor
BitBlt
ExtTextOutA
ModifyWorldTransform
SetBkColor
CreateFontIndirectA
SetViewportOrgEx
SetWindowOrgEx
CreateSolidBrush
SelectObject
DPtoLP
DeleteDC
SetGraphicsMode
CreateCompatibleDC
GetTextMetricsA
SaveDC
GetObjectA
DeleteObject
RestoreDC

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

ntdll

NtAddAtom

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

218cee7af2ab439f132684e3468874fa

Headers

File Characteristics

Imports

version

advapi32

kernel32

advpack

user32

atl

gdi32

ole32

ntdll

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 428B

.idata Size: 46KB - Virtual size: 45KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 428B

.idata
Size: 46KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B