Static task: static1
Behavioral task: behavioral1
Sample: c988f637019ec1d4352a1ceb51bc8694_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: c988f637019ec1d4352a1ceb51bc8694_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c988f637019ec1d4352a1ceb51bc8694_JaffaCakes118
Size: 169KB
MD5: c988f637019ec1d4352a1ceb51bc8694
SHA1: 47ddd3d3126a3941f281cb76cea641373ca76b80
SHA256: 2f9aa8b156fef265216c40ebcbaadd547301770ba8cb60fa50b1ff848fa76672
SHA512: e6489ff478998466f90b9e49468b5f9e1191288c5c2103f5bc4930025c9163b479676f4ffdefffc67ca83bf5773198e30913dd066754999a1675e4668b56810b
SSDEEP: 3072:aQ9dqSRqLwKiAvbtHP0ZjovJPb5Vr2b9rqg6KGxwHrp8WUey8dyCswg3x:aQx4LlpHMyfrwq4GxwH9bZy4yCA3x
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c988f637019ec1d4352a1ceb51bc8694_JaffaCakes118
Files
c988f637019ec1d4352a1ceb51bc8694_JaffaCakes118.exe windows:4 windows x86 arch:x86
58798fc49e1c96762e35137b53b3dc1e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LCMapStringW
RtlUnwind
GetStdHandle
HeapDestroy
LoadResource
HeapCreate
lstrcpynA
TlsAlloc
InterlockedExchange
SetLastError
GetCurrentThreadId
GetCurrentProcess
SetHandleInformation
EnterCriticalSection
TerminateProcess
GetVersionExA
HeapReAlloc
GetEnvironmentStrings
GetModuleFileNameA
GetCPInfo
GetCommandLineA
SetHandleCount
WriteFile
VirtualProtect
SizeofResource
WideCharToMultiByte
FreeEnvironmentStringsA
TransmitCommChar
InitializeCriticalSection
GetModuleHandleA
GetLocaleInfoA
TlsFree
GetThreadLocale
FreeEnvironmentStringsW
FreeLibrary
TlsSetValue
LoadLibraryA
FindResourceA
GetLastError
IsBadWritePtr
MultiByteToWideChar
lstrlenW
EnumResourceNamesW
lstrcmpiA
GetStringTypeA
lstrcatA
IsDBCSLeadByte
InterlockedIncrement
GetSystemTimeAsFileTime
LoadLibraryExA
VirtualQuery
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemInfo
ExitProcess
VirtualFree
GetCurrentProcessId
IsBadCodePtr
GetProcAddress
FlushFileBuffers
GetEnvironmentStringsW
UnhandledExceptionFilter
GetTickCount
LeaveCriticalSection
FlushInstructionCache
CloseHandle
IsBadReadPtr
GetFileType
GetOEMCP
lstrcpyA
VirtualAlloc
DeleteCriticalSection
lstrlenA
GetProcessHeap
SetStdHandle
ExitProcess
LockResource
MulDiv
SetFilePointer
DisableThreadLibraryCalls
HeapAlloc
GetStringTypeW
RaiseException
QueryPerformanceCounter
GetACP
InterlockedDecrement
TlsGetValue
LCMapStringA
HeapSize
HeapFree
msimg32
AlphaBlend
TransparentBlt
ole32
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
shlwapi
PathFindExtensionA
user32
UnregisterClassA
IsDialogMessageA
ReleaseDC
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
ShowWindow
SetWindowLongA
CreateDialogParamA
CheckDlgButton
WinHelpA
SendMessageA
IsWindow
GetDC
MoveWindow
GetDialogBaseUnits
IsDlgButtonChecked
EnableWindow
DestroyWindow
CharNextA
advapi32
RegOpenKeyExA
RegSetValueExA
RegEnumKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
gdi32
GetTextExtentPointA
GetTextMetricsA
DeleteObject
SelectObject
GetDeviceCaps
CreateFontIndirectA
Sections
.text Size: 127KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ