c05a390e4c4e1d76972092a451665ae5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c05a390e4c4e1d76972092a451665ae5_JaffaCakes118
Size

99KB
MD5

c05a390e4c4e1d76972092a451665ae5
SHA1

3b184f9161651bc3b425bf686bb7076ffbcf1fe9
SHA256

1df0c5384cdea4160b5b26b8f6687396ae299b0ac1bee50b5ef0a9b0cd5d43be
SHA512

44a3332ebfacc4bfb81ce1dc1bd55975f2b576e2e9c5e887e10ae0770df3852d9680266ea9a4c28aec6bc021b2b27f54681d2280ba4e1ae4bd9b9913b6a99ce4
SSDEEP

1536:dEtOS4nQl+gJR9UxLMKWC9kcpk+kAdRlkOC6RVvownMdlXt3K:IOIl+gtUxICxpkp0HC6/Hn+Xt6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c05a390e4c4e1d76972092a451665ae5_JaffaCakes118

Files

c05a390e4c4e1d76972092a451665ae5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1f1eae6930a7c24a1eb86b8df693939

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
SetCurrentDirectoryA
GetCurrentProcess
ExpandEnvironmentStringsA
GetTempPathA
GlobalFree
FreeLibrary
lstrcmpA
Sleep
ExitProcess
DeleteFileA
GetSystemDirectoryA
GetVersionExA
GlobalLock
GetTempFileNameA
_lopen
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GlobalAlloc
GetExitCodeProcess
WaitForSingleObject
CreateDirectoryA
lstrcmpiA
GetFileTime
CreateFileA
GetUserDefaultLangID
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lcreat
LoadLibraryA
GetProcAddress
SetFileTime
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
_llseek
_lread
CloseHandle

user32

CharNextA
DestroyWindow
GetDlgItemTextA
EndDialog
GetDlgItem
SendMessageA
GetDC
LoadStringA
SetWindowTextA
SetTimer
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
DialogBoxParamA
MessageBoxA
CreateDialogParamA

gdi32

GetDeviceCaps

advapi32

CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1f1eae6930a7c24a1eb86b8df693939

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 512B - Virtual size: 4B

.rsrc Size: 73KB - Virtual size: 76KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 512B - Virtual size: 4B

.rsrc
Size: 73KB - Virtual size: 76KB