c1936a7096bc9cca95e91f37b9ec4c4b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c1936a7096bc9cca95e91f37b9ec4c4b_JaffaCakes118
Size

138KB
MD5

c1936a7096bc9cca95e91f37b9ec4c4b
SHA1

3b92ed4c6ebf4fa7daab505d18b88640bffbc33e
SHA256

178bceee961f2223cc1a3594bb2144ae832288940b35bffd8bbb7b30bb40fb61
SHA512

167458761eb20b83e4048351a1e0a03a372dc18f507d69e96e61890ffedde1a0ef6b3daaeec57aef8694bdba736bee51d7f25768764146f6a19e45d7c6b33b9d
SSDEEP

3072:fyxB73h1Vljl8OEuHGW2asWileKpOYmzegWfB3lECtv6PWqsnq2Au4m:KxBr58OE0GW2afilxOYmzeRfBt56PWqQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1936a7096bc9cca95e91f37b9ec4c4b_JaffaCakes118

Files

c1936a7096bc9cca95e91f37b9ec4c4b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0daf983599745c7ced4d322a74b2ba81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
StartServiceA

shlwapi

wnsprintfA
StrStrIA
StrStrA

kernel32

MapViewOfFile
CreateFileMappingA
CreateThread
GetCurrentThreadId
CreateMutexA
CloseHandle
OpenMutexA
GetSystemDirectoryA
Sleep
ExitProcess
ExitThread
TerminateThread
OpenThread
lstrcmpA
lstrlenW
IsBadReadPtr
lstrcmpiA
GetTickCount
HeapCreate
HeapAlloc
HeapReAlloc
HeapFree
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
SystemTimeToFileTime
GetTimeZoneInformation
GetLastError
GetVersion
CreateFileA
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
CreateProcessA
GetEnvironmentVariableA
UnmapViewOfFile
GetSystemTime
SetEvent
OpenEventA
GetCurrentProcessId
lstrcmpW
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetOverlappedResult
SetLastError
WriteFile
GetProcAddress
LoadLibraryA
CreateEventA
GetProcessHeap
GetSystemInfo
VirtualAlloc
VirtualProtect
GetCommandLineA
LCMapStringA
LCMapStringW
WideCharToMultiByte
GetLocaleInfoA
VirtualQuery
InterlockedExchange
RtlUnwind
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
DeviceIoControl

user32

CharLowerA
GetDC
wsprintfA

dnsapi

DnsExtractRecordsFromMessage_W
DnsQuery_A
DnsRecordListFree

gdiplus

GdipFillRectangleI
GdipDrawString
GdipDrawImageI
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipDeletePrivateFontCollection
GdipCreateFont
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneImage
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateSolidFill
GdiplusShutdown
GdipDrawLineI
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipPrivateAddMemoryFont
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyCount
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipAlloc
GdipFree
GdipReleaseDC
GdipGetDC
GdipGetImageHeight
GdiplusStartup
GdipGetImageGraphicsContext
GdipGetImageEncoders

gdi32

GetTextExtentPoint32A

ole32

CreateStreamOnHGlobal

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 21.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0daf983599745c7ced4d322a74b2ba81

Headers

File Characteristics

Imports

advapi32

shlwapi

kernel32

user32

dnsapi

gdiplus

gdi32

ole32

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 2KB - Virtual size: 21.7MB

.rsrc Size: 59KB - Virtual size: 58KB

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 2KB - Virtual size: 21.7MB

.rsrc
Size: 59KB - Virtual size: 58KB