Static task: static1
Behavioral task: behavioral1
Sample: d163229edecf08f4cd7da16217e86346_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d163229edecf08f4cd7da16217e86346_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d163229edecf08f4cd7da16217e86346_JaffaCakes118
Size: 64KB
MD5: d163229edecf08f4cd7da16217e86346
SHA1: 42540d3da6e68464ec39230583867db0b6ad3423
SHA256: f87c5d611d42375f87c68f3483877f65703d1e65caa270aad7ffe288733a3407
SHA512: e8afdacf0ad52d2b99f8b0231f7686d689c3516a1cb5450ab3a28251d19ea6c1301539da8f315a577d6dbfad520bba370a298ad0fd6671d414594d412d2bb225
SSDEEP: 1536:RGrHmuk5Yn/C/irXZM0tdt3y3+fJdqQcTj4Ex6qcDdwUK6eWHA6BHBlo+Nx:RKHmk/C/irXZNtd5yOzEXcDmBWNBhlr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d163229edecf08f4cd7da16217e86346_JaffaCakes118
Files
d163229edecf08f4cd7da16217e86346_JaffaCakes118.exe windows:4 windows x86 arch:x86
843d30db17f526aeb5397b7fb5569b13
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ReadFile
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetCommandLineW
SetEndOfFile
FindResourceW
SetLastError
GetDriveTypeA
lstrcmpiW
GlobalAlloc
QueryPerformanceCounter
FreeEnvironmentStringsW
GetLocalTime
CreateFileMappingW
SetErrorMode
InterlockedCompareExchange
GetFileType
GetOEMCP
WaitForMultipleObjects
GetConsoleMode
GetFileAttributesW
GetTickCount
LoadLibraryExA
DeleteFileW
HeapDestroy
MapViewOfFile
GetCurrentDirectoryW
ResumeThread
RaiseException
GetThreadLocale
UnhandledExceptionFilter
InterlockedDecrement
GetThreadPriority
GetCurrentThreadId
LocalAlloc
GetLastError
GetProcessHeap
GetFileAttributesA
UnmapViewOfFile
HeapSize
VirtualAlloc
GetCurrentProcess
GetVersion
InitializeCriticalSection
GetModuleHandleW
GetComputerNameW
OpenEventA
GetVersionExW
TlsGetValue
CompareStringA
GetExitCodeThread
VirtualProtect
FindResourceA
ExpandEnvironmentStringsW
GetCurrentThread
GetCurrentProcessId
msvcrt
malloc
??0exception@@QAE@ABV0@@Z
realloc
__p__osver
sprintf
_wtol
__pioinfo
strtok
_finite
_ftol
rand
fprintf
_isatty
_access
__getmainargs
wcsspn
fwrite
__p__fmode
_ltoa
ctime
_stat
_chsize
exit
_lock
_initterm
fclose
_rotr
iswdigit
strncpy
fseek
_commit
srand
user32
FillRect
GetClassNameW
GetSysColor
GetDlgCtrlID
KillTimer
InsertMenuA
TrackPopupMenu
RegisterClipboardFormatW
GetDlgItemTextA
SetFocus
UnregisterClassA
GetSysColorBrush
EnableWindow
CheckRadioButton
GetCursorPos
DialogBoxParamA
ExitWindowsEx
GetWindowRect
IsWindowEnabled
RegisterWindowMessageA
RegisterClassA
GetDC
EnumChildWindows
SetWindowTextA
IsDlgButtonChecked
CharPrevW
PostQuitMessage
GetWindow
DrawTextA
MessageBeep
UpdateWindow
GetFocus
SetWindowLongW
SetMenu
GetWindowTextW
CharUpperA
GetMenu
SetWindowRgn
CharUpperW
LoadStringA
GetClientRect
ShowWindow
MessageBoxW
GetDesktopWindow
CreateWindowExW
GetActiveWindow
LoadCursorW
Sections
.text Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.textbss Size: 512B - Virtual size: 143B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.textbss Size: 512B - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: 512B - Virtual size: 409B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ