Static task: static1
Behavioral task: behavioral1
Sample: c7771053a9226b26372236abb66a21b2_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c7771053a9226b26372236abb66a21b2_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c7771053a9226b26372236abb66a21b2_JaffaCakes118
Size: 187KB
MD5: c7771053a9226b26372236abb66a21b2
SHA1: 9105d0719ff053078f08999a02a1879eea9be565
SHA256: bd03021792b602f5eac16016ca5497bc9d3c644986c7f633c7c4878d57d7ef62
SHA512: d7a4b7f4a675b689c2f6f1ee94eea4a181972036dab997de063ccc3238d9a4ad683e623388b149f7a2432a5d86a453e340b09811d051a3f6f44adfb461d3f0a3
SSDEEP: 3072:0/vFcjywT0n74enVFVhT8oXol3XWF37XcvmF6RzoAytqm3zcCPz13W8DnkTWD+n5:0/tcj0n7jVFVhtXol2FrXmVzoAyEHCPo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c7771053a9226b26372236abb66a21b2_JaffaCakes118
Files
c7771053a9226b26372236abb66a21b2_JaffaCakes118.exe windows:4 windows x86 arch:x86
c890681c23c1ee1ca55eeeab849b038f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ShowWindow
IsDlgButtonChecked
EnableWindow
DestroyWindow
GetDC
WinHelpA
CreateDialogParamA
SendMessageA
GetDialogBaseUnits
GetDlgItem
UnregisterClassA
CheckDlgButton
SetDlgItemTextA
SetWindowLongA
IsWindow
ReleaseDC
GetDlgItemTextA
MoveWindow
IsDialogMessageA
CharNextA
kernel32
HeapDestroy
GetTickCount
GetLocaleInfoA
SetHandleInformation
GetModuleHandleA
WideCharToMultiByte
lstrlenW
FreeLibrary
SetUnhandledExceptionFilter
FlushFileBuffers
GetFileType
GetOEMCP
GetACP
InterlockedIncrement
UnhandledExceptionFilter
MultiByteToWideChar
RtlUnwind
GetEnvironmentStringsW
TlsGetValue
HeapReAlloc
TransmitCommChar
GetVersionExA
lstrcatA
SetHandleCount
DisableThreadLibraryCalls
GetProcessHeap
FreeEnvironmentStringsA
GetCPInfo
GetCurrentThreadId
lstrcmpiA
HeapAlloc
HeapCreate
TlsSetValue
GetCurrentProcessId
VirtualAlloc
GetStringTypeW
lstrcpynA
RaiseException
WriteFile
FreeEnvironmentStringsW
ExitProcess
GetSystemTimeAsFileTime
IsBadReadPtr
InterlockedExchange
InterlockedDecrement
VirtualQuery
EnumResourceNamesW
GetEnvironmentStrings
TerminateProcess
LoadResource
IsBadCodePtr
GetCurrentProcess
VirtualFree
DeleteCriticalSection
QueryPerformanceCounter
SetLastError
LCMapStringA
EnterCriticalSection
HeapSize
GetStdHandle
GetProcAddress
LoadLibraryA
FlushInstructionCache
MulDiv
GetLastError
TlsFree
ExitProcess
InitializeCriticalSection
FindResourceA
VirtualProtect
GetCommandLineA
GetStartupInfoA
LeaveCriticalSection
SizeofResource
LockResource
GetSystemInfo
TlsAlloc
GetThreadLocale
LCMapStringW
lstrlenA
IsBadWritePtr
LoadLibraryExA
GetModuleFileNameA
SetStdHandle
IsDBCSLeadByte
SetFilePointer
CloseHandle
lstrcpyA
GetStringTypeA
HeapFree
msimg32
AlphaBlend
TransparentBlt
gdi32
GetTextExtentPointA
GetTextMetricsA
SelectObject
DeleteObject
GetDeviceCaps
CreateFontIndirectA
shlwapi
PathFindExtensionA
ole32
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc
advapi32
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
Sections
.text Size: 154KB - Virtual size: 154KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ