bddf97f95f7115c3d3d3024dfaace08a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bddf97f95f7115c3d3d3024dfaace08a_JaffaCakes118
Size

508KB
MD5

bddf97f95f7115c3d3d3024dfaace08a
SHA1

5c26445ec834001ad1035856e090a27e68dc77dc
SHA256

dc829ff522003b62867adda4a85e08c1940a4da5ea12eea10f2c64d597755f89
SHA512

1639872b0996d53eeb711763ca72388842f3cf5b2faf96545e5231b768ab8e21cef53b7f5e6f1777c62482f2d9e94f37d09c9a761a32ff4d4e7e458a0b4a9c87
SSDEEP

12288:Nn7TdRbFzRx3Q2DCLUCH7UnnWySADDxy:Nn7T9/w1HDcDDxy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bddf97f95f7115c3d3d3024dfaace08a_JaffaCakes118

Files

bddf97f95f7115c3d3d3024dfaace08a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4fe1558c1e9d43e403ad63556d06fe01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
FindFirstFileA
ReadFile
SetFilePointer
TlsFree
MapViewOfFile
RaiseException
GetCurrentThread
InterlockedCompareExchange
GetCommandLineA
GetCurrentDirectoryA
GetCommandLineW
GetCurrentProcessId
SizeofResource
GetModuleFileNameA
GlobalUnlock
GetEnvironmentStringsW
LCMapStringA
GetConsoleCP
GlobalFree
lstrlenA
UnmapViewOfFile
LCMapStringW
GetLastError
InterlockedIncrement
HeapAlloc
TlsSetValue
GetFileType
CreateFileW
GetProcAddress
FindNextFileA
CreateFileMappingA
CompareStringA
FindNextFileW
CompareStringW
GetProcessHeap
GetSystemInfo
GlobalLock
DeleteFileW
GetWindowsDirectoryA
DeleteFileA
GetFileSize
GetStartupInfoA
LoadLibraryA
FlushFileBuffers
TlsAlloc
GetTickCount
QueryPerformanceCounter
SetEvent
LoadLibraryW
SetHandleCount
EnterCriticalSection
HeapFree
CloseHandle
WriteConsoleW
LeaveCriticalSection
GetCurrentThreadId
GlobalAlloc
GetVersion
TerminateProcess
SetEnvironmentVariableA
GetSystemDirectoryA
SetUnhandledExceptionFilter
CreateThread
GetModuleHandleA
CreateMutexA
MultiByteToWideChar
UnhandledExceptionFilter
RemoveDirectoryA
GetVersionExA
ExitProcess
IsDebuggerPresent
GetModuleFileNameW
SetLastError
FormatMessageA
InterlockedDecrement
LoadResource
InitializeCriticalSection
FormatMessageW
LocalFree
FreeLibrary
GetStringTypeW
HeapReAlloc
SetStdHandle
InterlockedExchange
GetStringTypeA
WideCharToMultiByte
SetErrorMode
CreateFileA
LocalAlloc
GetLocaleInfoA
GetConsoleMode
GetCurrentProcess
DeleteCriticalSection
FreeEnvironmentStringsA
GetStdHandle
GetFileAttributesW
HeapDestroy
LockResource
WaitForSingleObject
GetFileAttributesA
GetConsoleOutputCP
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
TlsGetValue
GetEnvironmentVariableA
RtlUnwind
GetCPInfo
GetOEMCP
GetEnvironmentStrings
IsValidCodePage
HeapCreate
WriteFile
VirtualFree
Sleep
FindResourceA
WriteConsoleA
VirtualAlloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegDeleteValueA
RegCloseKey

user32

SetCursor
CallWindowProcA
DrawTextA
SendMessageA
InvalidateRect
SystemParametersInfoA
GetSysColor
MoveWindow
SetDlgItemTextA
EndDialog
SetForegroundWindow
SetWindowTextA
IsIconic
GetWindowRect
GetSystemMetrics
FillRect
GetWindowLongA
EnableMenuItem
GetWindow
TranslateMessage
PeekMessageA
ShowWindow
GetParent
GetClientRect
ReleaseDC
GetCursorPos
SetWindowPos
PostQuitMessage

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 480KB - Virtual size: 478KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fe1558c1e9d43e403ad63556d06fe01

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 480KB - Virtual size: 478KB

.rsrc Size: 4KB - Virtual size: 808B

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 480KB - Virtual size: 478KB

.rsrc
Size: 4KB - Virtual size: 808B