be003b242624a0ac834eb6fdcdf3d1fc_JaffaCakes118

General

Target

be003b242624a0ac834eb6fdcdf3d1fc_JaffaCakes118
Size

383KB
MD5

be003b242624a0ac834eb6fdcdf3d1fc
SHA1

156ef58deacff46e7d116c12542f24cc3b1eff75
SHA256

428ca453ffdf6d00e6147ee952f3f3c5c8abd0efaf74aae439a52caed41e0209
SHA512

d19a1a8c68ba32514beb091062190fd66a88c81dade3ca1b31e9f9f9862225792e818d4e0fec626f0e0410536d760cfcbdaaaa35425b4dec27137a2e1f973727
SSDEEP

6144:KzPcM2o4opD2RcDtkEaQpQDLoJbVYq0Y8OtqWhq+eUd1OC10LJGXVt/N+0ymsyV:KzUM2o4opDLGv3LoJGqP8OtqWhq5AoAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be003b242624a0ac834eb6fdcdf3d1fc_JaffaCakes118

Files

be003b242624a0ac834eb6fdcdf3d1fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c0a6836697791c98ff5d80fa905031f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__tzname
strcmp
_mbcjistojms
_setmbcp
_chmod
_ismbcalnum
wcstoul
isgraph
__badioinfo
_wfindnexti64

gdi32

GdiFlush
BRUSHOBJ_ulGetBrushColor
CreateEllipticRgnIndirect
SelectClipRgn
PlayMetaFileRecord

kernel32

GetFileAttributesExA
ReadConsoleW
SetConsoleMenuClose
GetConsoleDisplayMode
GetNumberOfConsoleInputEvents
BuildCommDCBW
GetMailslotInfo
EnumUILanguagesW
RegisterWowBaseHandlers
GetStartupInfoA
IsBadStringPtrW
lstrcmpiA
GetSystemWindowsDirectoryW
GetModuleHandleA
GetCommandLineA

advapi32

RegQueryValueExA
EncryptFileA
ElfFlushEventLog
ReadEventLogA
OpenProcessToken
RegSaveKeyW
EnumServicesStatusExW
SystemFunction002
AbortSystemShutdownW

user32

SwitchDesktop
ToAsciiEx
SendMessageTimeoutA
SendIMEMessageExA
UnregisterClassA
UserLpkTabbedTextOut
DdeAbandonTransaction
ShowWindow

ole32

CoRegisterSurrogate
PropVariantClear
ReadClassStm
CoTaskMemAlloc
CoCreateGuid
HBITMAP_UserSize

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0a6836697791c98ff5d80fa905031f8

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

gdi32

kernel32

advapi32

user32

ole32

Sections

.text Size: 379KB - Virtual size: 379KB

.data Size: 2KB - Virtual size: 541KB

.rsrc Size: 1024B - Virtual size: 932B

.text
Size: 379KB - Virtual size: 379KB

.data
Size: 2KB - Virtual size: 541KB

.rsrc
Size: 1024B - Virtual size: 932B