d3023dfd8bf3fdb531ed70835f6690d7_JaffaCakes118

General

Target

d3023dfd8bf3fdb531ed70835f6690d7_JaffaCakes118
Size

196KB
MD5

d3023dfd8bf3fdb531ed70835f6690d7
SHA1

cbc7f96caff443e167050b8e533a633466f26fc6
SHA256

4a90d9ea05824b9bc1000c159215ce1b8b1b5d9f804e62b488cc07087b87bc9f
SHA512

c305f40c297ede05cfd8bb0a4fb610e162f146020a48db21e1e9aeb50a7c35310ac39e87075aaa6e8b3f80a357a81025ed99be17e86c2fd4e13f1ebddcac0c2d
SSDEEP

3072:Epr4LafCVrRagpHlcew01LetnAn74e/ERSk+MYnlhO:Epr4GCVrch5gmwse/mSkmlh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3023dfd8bf3fdb531ed70835f6690d7_JaffaCakes118

Files

d3023dfd8bf3fdb531ed70835f6690d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae0f2daa6b3d9d9b5deb7c34483c5414

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapWalk
HeapReAlloc
HeapCreate
HeapFree
HeapAlloc
Sleep
GetTickCount
FreeLibrary
LoadLibraryW
CreateProcessW
GetProcAddress
GetProfileStringW
GetCurrentDirectoryA
GetLastError
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEnvironmentVariableA

user32

IsDialogMessageW
SetWindowsHookExA
PostMessageW
DrawFrameControl
GetClassInfoExA
EnumWindows
GetClassNameW
GetAsyncKeyState
GetDC
GetWindowLongA
CreateWindowExA
DefWindowProcW
ReleaseDC
FillRect
GetActiveWindow
CreatePopupMenu
GetSysColorBrush
AppendMenuA

ole32

CoRegisterClassObject
CoRegisterSurrogate
CoInitialize
OleSetContainedObject

Exports

Exports

Apujap
Gokasepyde
Igefemyloborysy
Lewiciqavoca
Uzamezawadiq
Ynaxurul

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0f2daa6b3d9d9b5deb7c34483c5414

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.data Size: 80KB - Virtual size: 148KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 104KB - Virtual size: 102KB

.data
Size: 80KB - Virtual size: 148KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB