bb973b4cd42e6a4af60dfd23c17392ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb973b4cd42e6a4af60dfd23c17392ca_JaffaCakes118
Size

645KB
MD5

bb973b4cd42e6a4af60dfd23c17392ca
SHA1

45520773fa265d8abc3ad1cb279d3c1abd104596
SHA256

8b782d01ee757b91cd7ef704d7053442fea6d54b4d53a1595bd75f6c63523e66
SHA512

3cb2529c9b780c141523d9a53132e27ea6b0c0e0fef258f1b09ea9cd9eea49336a3f4fd681e2fbb36b804d3a9cce4f78fd0ee28abd43fb5aee0d338bd02dcbd1
SSDEEP

12288:+WLYqPOOaYgrymO+rXLU7Sna49ahlaFoIAdKPyy/9IwZWH5tkelkcxFktBMTvZ9h:RLlPOOaYgryqr7U7sa49ahlaFoIAdm9+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb973b4cd42e6a4af60dfd23c17392ca_JaffaCakes118

Files

bb973b4cd42e6a4af60dfd23c17392ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ff49354e9d02632d28056c38f94ed1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ex\xiimaa.pdb

Imports

user32

CallMsgFilterW
CreateAcceleratorTableW
ClipCursor
EnumDesktopsA
RegisterClassA
BeginPaint
CallWindowProcW
DrawTextExA
UnhookWindowsHook
ScrollWindow
DdeCreateStringHandleA
DdeCmpStringHandles
GetClipboardFormatNameW
ToUnicode
IsChild
DispatchMessageA
GetCapture
RegisterClassExA
LoadBitmapA
GetDlgItemTextW
FindWindowA

comctl32

InitCommonControlsEx

kernel32

VirtualQuery
CompareStringW
DeleteCriticalSection
SetStdHandle
InitializeCriticalSection
VirtualFree
GetUserDefaultLCID
VirtualAlloc
FreeEnvironmentStringsA
IsBadWritePtr
HeapFree
VirtualProtect
GetTickCount
GetCurrentThreadId
HeapAlloc
GetCurrentProcess
GetTimeFormatA
IsValidLocale
LCMapStringW
TlsGetValue
FreeEnvironmentStringsW
GetCurrentThread
HeapDestroy
WriteFile
SetHandleCount
LCMapStringA
TlsFree
GetVersionExA
ReadConsoleOutputA
HeapSize
IsValidCodePage
GetLastError
LoadLibraryA
ReadFile
GetEnvironmentStringsW
GetOEMCP
ExitProcess
MultiByteToWideChar
GetFileType
UnhandledExceptionFilter
GetStdHandle
RtlUnwind
lstrcmpA
HeapReAlloc
GetSystemInfo
CompareStringA
EnumSystemLocalesA
OpenMutexA
CreateMutexA
GetStringTypeW
SetFilePointer
QueryPerformanceCounter
GetProcAddress
GetLocaleInfoA
TlsAlloc
GetACP
GetModuleFileNameA
GetCommandLineA
SetEnvironmentVariableA
GetModuleHandleA
GetStringTypeA
LeaveCriticalSection
GetCPInfo
GetLocaleInfoW
SetLastError
HeapCreate
GetTimeZoneInformation
CloseHandle
InterlockedExchange
GetDateFormatA
TlsSetValue
FindResourceA
GetEnvironmentStrings
WideCharToMultiByte
LocalShrink
GetCurrentProcessId
GetStartupInfoA
FlushFileBuffers
TerminateProcess
EnterCriticalSection
GetSystemTimeAsFileTime

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff49354e9d02632d28056c38f94ed1a

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 54KB - Virtual size: 65KB

.data Size: 110KB - Virtual size: 109KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 54KB - Virtual size: 65KB

.data
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 8KB - Virtual size: 7KB