be6ccdfa9f0e237cca6808679a919ce1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be6ccdfa9f0e237cca6808679a919ce1_JaffaCakes118
Size

230KB
MD5

be6ccdfa9f0e237cca6808679a919ce1
SHA1

c527d22d4b7e8cd9d04e090265ff25376828a57e
SHA256

f412e2cb3766b5e6d99f5ea8b9105115a89c6dbab18149cf5d35213ca35a60a9
SHA512

5395802da34e552044bedaa217c8e9f7b8028aa5d3ebc066950232d256687b2de271b905f39b9f2839be1d77fb9865c2dcd0109faec319e7e3b62778a1b25cae
SSDEEP

6144:0MBaXdgeEbdgEWv6RsI2OalfGCiFRLZBf8IDO83o:0MB+rEb6F66OaRGjLZuID

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be6ccdfa9f0e237cca6808679a919ce1_JaffaCakes118

Files

be6ccdfa9f0e237cca6808679a919ce1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5017e983ffe1d43ec375931e93586f98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

gdi32

GetBkColor
ExtTextOutW
SetTextColor

kernel32

GetVersionExA
GetProcAddress
TlsGetValue
ExitProcess
GetStartupInfoA
HeapFree
WriteFile
VirtualProtect
SetStdHandle
lstrlenA
GetCommandLineA
DisableThreadLibraryCalls
FindNextFileA
ResumeThread
FindNextFileW
GetStdHandle
DeviceIoControl
CreateFileMappingA
GetLastError
WriteConsoleW
SetConsoleCP
GetOEMCP
TlsFree
FlushFileBuffers
LCMapStringW
WideCharToMultiByte
lstrcmpW
CompareStringW
Sleep
CreateFileA
SetFileAttributesW
GetModuleFileNameA
FindClose
HeapAlloc
GetModuleHandleA
GlobalHandle
GetModuleHandleW
GetCurrentProcess
FindFirstFileA
GetFileAttributesW
TlsAlloc
FormatMessageW
GetCurrentProcessId
InterlockedDecrement
SetLastError
LocalReAlloc
GetExitCodeProcess
GetACP
IsValidCodePage
HeapSize
GetTempPathA
GetStringTypeA
TerminateProcess
GlobalReAlloc
LeaveCriticalSection
GetSystemTimeAsFileTime
GetModuleFileNameW
FreeLibrary
FreeResource
QueryPerformanceCounter
FileTimeToSystemTime
HeapReAlloc
SetUnhandledExceptionFilter
DeleteCriticalSection
SetErrorMode
InitializeCriticalSection
CloseHandle
SetEndOfFile
EnterCriticalSection
TlsSetValue
InterlockedExchange
VirtualFree
GetCurrentThreadId

user32

GetPropA
MessageBoxA
RegisterClassA
CallWindowProcW
DestroyWindow
EnableMenuItem
InvalidateRect
GetWindowPlacement
ReleaseDC
GetParent
UpdateWindow
GetWindowTextA
LoadStringW
GetFocus
WindowFromPoint
UnregisterClassA
SendDlgItemMessageA
IsWindow
GetWindowRect

msvcrt

_exit
_XcptFilter
_initterm
??1type_info@@UAE@XZ
?what@exception@@UBEPBDXZ
__CxxFrameHandler
_amsg_exit
wcstol
?terminate@@YAXXZ
??1exception@@UAE@XZ
_unlock
_cexit
??0exception@@QAE@ABV0@@Z
_wcsicmp
memset

advapi32

RegDeleteKeyA
GetTokenInformation
RegQueryValueExA
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyA
SetSecurityDescriptorDacl
RegDeleteKeyW

ole32

CoUninitialize
CLSIDFromProgID

version

VerQueryValueA

rpcrt4

RpcStringFreeW

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5017e983ffe1d43ec375931e93586f98

Headers

File Characteristics

Imports

gdi32

kernel32

user32

msvcrt

advapi32

ole32

version

rpcrt4

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 185KB - Virtual size: 434KB

.rsrc Size: 1024B - Virtual size: 942B

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 185KB - Virtual size: 434KB

.rsrc
Size: 1024B - Virtual size: 942B