c1de167e971e1f78049747ac408aae79_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1de167e971e1f78049747ac408aae79_JaffaCakes118
Size

514KB
MD5

c1de167e971e1f78049747ac408aae79
SHA1

4b46274bc35694af89f2e1b4a04bdf2dc68e137f
SHA256

63d5dbf73fcdb36c45754dc99fb3782df713167ebfdfdc91b5427b4c2cbe8740
SHA512

9dd28b730e9ea9d1f729fbd96310493f6625f49905e6a825f24cfd4eb5ddd7af832e54cedaf6b3a63760a8b7565acb3aebea20f9e85649ba25d05bf6b145cf96
SSDEEP

12288:dN30L3/dROlF5BhqLcDY+3u7XPWEhC2k8ZBD+bKpXcIA0xX:bcLAF5BhqLcDYXDPWEr/Zh+byXcvs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KEYGEN.EXE

Files

c1de167e971e1f78049747ac408aae79_JaffaCakes118
.rar
KEYGEN.EXE
.exe windows:4 windows x86 arch:x86

674f1c3545642f5768ff5a0302208629

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

kernel32

GetVolumeInformationA
GetDriveTypeA
GlobalFree
GlobalAlloc
VirtualAlloc
VirtualFree
GetLastError
SetLastError
GetProcessTimes
LocalFree
LocalAlloc
GetCurrentThread
CreateFileA
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetPrivateProfileStringA
GetPrivateProfileIntA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
GetTickCount
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoA
InitializeCriticalSection
SetStdHandle
InterlockedExchange
HeapSize
GetCurrentDirectoryA
GetFullPathNameA
SetEnvironmentVariableW
SetEnvironmentVariableA
SetFilePointer
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
GetStringTypeW
GetStringTypeA
GetWindowsDirectoryA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
SetErrorMode
CompareStringW
LoadLibraryA
RtlUnwind
HeapCreate
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
SetEvent
CreateEventA
WaitForSingleObject
ResetEvent
FreeLibrary
CloseHandle
Sleep
GetVersion
GetVersionExA
SetEndOfFile
CompareStringA
ExitProcess
TerminateProcess
GetStartupInfoA
GetCommandLineA
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetSystemTimeAsFileTime
MultiByteToWideChar
ExitThread
ResumeThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryA
GetFileAttributesA
DeleteFileA
DeleteCriticalSection
VirtualProtect
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
LCMapStringW
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy

user32

DialogBoxIndirectParamA
CreateDialogIndirectParamA
wsprintfA
SetWindowTextA
GetFocus
MessageBeep
GetWindowLongA
EnableWindow
ShowWindow
ScreenToClient
GetParent
GetActiveWindow
DialogBoxParamA
EndDialog
BeginPaint
GetClientRect
LoadBitmapA
EndPaint
GetDlgItem
SetFocus
LoadIconA
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
GetWindowRect
GetDesktopWindow
MoveWindow

gdi32

CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
DeleteObject
GetObjectA

comdlg32

GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
GetUserNameA
RegEnumValueA
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCloseKey

comctl32

ord17

Sections

.code
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

00006AF4
Size: 27KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

000108CA
Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
readme.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

674f1c3545642f5768ff5a0302208629

Headers

File Characteristics

Imports

netapi32

kernel32

user32

gdi32

comdlg32

advapi32

comctl32

Sections

.code Size: 340KB - Virtual size: 340KB

.idata Size: 27KB - Virtual size: 28KB

00006AF4 Size: 27KB - Virtual size: 76KB

000108CA Size: 66KB - Virtual size: 68KB

.rsrc Size: 60KB - Virtual size: 64KB

.code
Size: 340KB - Virtual size: 340KB

.idata
Size: 27KB - Virtual size: 28KB

00006AF4
Size: 27KB - Virtual size: 76KB

000108CA
Size: 66KB - Virtual size: 68KB

.rsrc
Size: 60KB - Virtual size: 64KB