c8fd9791d84edd3ef5114253e731ed8a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8fd9791d84edd3ef5114253e731ed8a_JaffaCakes118
Size

346KB
MD5

c8fd9791d84edd3ef5114253e731ed8a
SHA1

8b0f38d8f84717952ffcdd441f119fa772fa0fe4
SHA256

04ee44f17f5b300d12a89b2e0feecb31853643417b27cf6219d890882b835b84
SHA512

26d6faa9486176b4a44bf689475796a195b52cd238bf4c5856d1dfcde102c2ab04cf596034ec76fd3482f4a896a0ef6ccca328b382927ccbc48f17d30bc713f7
SSDEEP

6144:ljwlYaQnu2A/C5B2bgn1pSA8XaMYF8I/6wQQI/Z6:ljwlYgq5B20niXimIB5Io

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8fd9791d84edd3ef5114253e731ed8a_JaffaCakes118

Files

c8fd9791d84edd3ef5114253e731ed8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e032cdb775703da870a2974bdfb746fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
lstrlenA
RtlFillMemory
GetCurrentThread
Beep
LocalAlloc
LocalFree
GetCurrentProcess
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetTickCount
LCMapStringA
LCMapStringW
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetModuleHandleA
InterlockedDecrement
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
HeapCreate
HeapDestroy
GetVersionExA
GetLastError
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
GetVersion
GetCommandLineA
GetStartupInfoA
SetWaitableTimer
CreateWaitableTimerA
lstrcpyn
TerminateProcess
GetEnvironmentVariableA
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA
RtlMoveMemory
InterlockedIncrement
LocalSize

user32

PeekMessageA
SetWindowLongA
SetTimer
CallWindowProcA
GetCursorPos
GetSystemMetrics
wsprintfA
MessageBoxA
UnregisterHotKey
SetWindowPos
SetWindowRgn
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
EqualRect
IntersectRect
GetWindowLongA
PostQuitMessage
CreateWindowExA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
IsWindow
EnableWindow
UpdateWindow
ShowWindow
IsWindowVisible
PostMessageA
GetForegroundWindow
GetWindowRect
ReleaseDC
FillRect
GetSysColor
GetDC
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
MoveWindow
LoadCursorA
LoadIconA
RegisterClassExA
GetClassInfoExA
MsgWaitForMultipleObjects
GetDoubleClickTime
mouse_event
SetCursorPos
ClientToScreen
RegisterHotKey

shlwapi

StrToIntExA
StrDupA

gdi32

CreateDIBitmap
TextOutA
SetBkColor
DeleteObject
CreatePatternBrush
StretchBlt
CreateSolidBrush
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
CreateRectRgn
GetPixel
CombineRgn
CreateFontA
SetTextColor

msimg32

TransparentBlt

ntdll

ZwUnmapViewOfSection
RtlCompareMemory

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e032cdb775703da870a2974bdfb746fb

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

gdi32

msimg32

ntdll

Sections

.text Size: 132KB - Virtual size: 131KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 344KB - Virtual size: 342KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 131KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 344KB - Virtual size: 342KB

.rsrc
Size: 8KB - Virtual size: 4KB