cf96101cb516ebb4ba9d41a3e3efff24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf96101cb516ebb4ba9d41a3e3efff24_JaffaCakes118
Size

362KB
MD5

cf96101cb516ebb4ba9d41a3e3efff24
SHA1

180143a9e7c2290327a3bacdac715f0ff0e93755
SHA256

18d60a5e8da8384ca18cfcb19c740a9bca15c89f12401695e7ef9e16c8e3fbf5
SHA512

e59a3b288866a328b066a8b245694a7b69bb5b7928c799138a1c21d40a3929bf7c964830f7cab7410f2c7e0ce371f2e2a1addf7731984dd2f557d0e5a48046db
SSDEEP

6144:jt2+UzCk5RikNz3ZsiD627rHgYVSz0PfNO7fX3Ot7k8Fpf6EA5/zFp44koU63c+P:jU+NoRiUz+KrHgYVS+VO7fX+ttFpSnya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf96101cb516ebb4ba9d41a3e3efff24_JaffaCakes118

Files

cf96101cb516ebb4ba9d41a3e3efff24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9ac7d4ef2bbaee29c1b37b66ab91d88c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\amigsgec.pdb

Imports

shell32

SHAddToRecentDocs
SHBrowseForFolderA

comdlg32

GetOpenFileNameA
LoadAlterBitmap
GetSaveFileNameW
PageSetupDlgA

gdi32

GetNearestPaletteIndex
Polyline
StartDocA
CloseEnhMetaFile

user32

CallNextHookEx
DestroyWindow
GrayStringW
DrawFrame
wvsprintfA
DdeQueryStringA
IsDlgButtonChecked
GetMenuItemCount
CharUpperW
RegisterClassA
SubtractRect
GetCursor
IsZoomed
FlashWindow
EnumDisplaySettingsW
MessageBoxA
RegisterClassExA
ShowWindow
DefWindowProcA
IsCharLowerW
CreateWindowExA
DdeCreateStringHandleA

comctl32

ImageList_DragEnter
ImageList_Destroy
ImageList_GetIconSize
GetEffectiveClientRect
ImageList_Replace
InitCommonControlsEx
ImageList_EndDrag
ImageList_Copy

kernel32

TlsFree
FlushFileBuffers
OpenMutexA
GetCurrentThreadId
GetVersion
GetCommandLineA
FreeEnvironmentStringsW
CloseHandle
VirtualQuery
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateMailslotW
TlsAlloc
GetACP
WriteFile
CreateMutexA
InterlockedExchange
GetFileSize
MultiByteToWideChar
InterlockedDecrement
QueryPerformanceCounter
GetCurrentThread
UnhandledExceptionFilter
SetStdHandle
GetEnvironmentStringsW
InitializeCriticalSection
GetLocalTime
ReadFile
GetCurrentProcess
HeapDestroy
HeapAlloc
LCMapStringW
GetOEMCP
GetStartupInfoA
SetEnvironmentVariableA
IsBadWritePtr
HeapCreate
ContinueDebugEvent
GetSystemTime
GetModuleFileNameA
ExitProcess
EnterCriticalSection
SetHandleCount
InterlockedIncrement
TlsSetValue
SetLocalTime
GetCurrentProcessId
TlsGetValue
HeapReAlloc
LCMapStringA
GetStringTypeW
FreeEnvironmentStringsA
CompareStringW
TerminateProcess
GetStringTypeA
SetLastError
VirtualAlloc
GetStdHandle
GetTimeZoneInformation
HeapFree
CompareStringA
GetEnvironmentStrings
GetModuleHandleA
GetSystemTimeAsFileTime
SetFilePointer
LoadLibraryA
GetShortPathNameA
GetCPInfo
RtlUnwind
GetLastError
GetFileType
OpenWaitableTimerW
WideCharToMultiByte
VirtualFree
GetProcAddress

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ac7d4ef2bbaee29c1b37b66ab91d88c

Headers

File Characteristics

PDB Paths

Imports

shell32

comdlg32

gdi32

user32

comctl32

kernel32

Sections

.text Size: 144KB - Virtual size: 143KB

.rdata Size: 107KB - Virtual size: 121KB

.data Size: 95KB - Virtual size: 94KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 144KB - Virtual size: 143KB

.rdata
Size: 107KB - Virtual size: 121KB

.data
Size: 95KB - Virtual size: 94KB

.rsrc
Size: 14KB - Virtual size: 14KB