d325a237d32584a8a2514a0297a1b641_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d325a237d32584a8a2514a0297a1b641_JaffaCakes118
Size

570KB
MD5

d325a237d32584a8a2514a0297a1b641
SHA1

f1ce733f3710efa1efce311ac9f07d097d6da8c1
SHA256

d0600a87e5b8f431120bcf8d843ebfeb625c70bf1ba303c3ac342eb067cc7148
SHA512

bb101719a121867ca4fe52dd0f8549fab1a07a93c5de263ed888ba7a08470b5ca481c9e817ef83911aefcccb262ff02f824b5f568739aaedea3530f96c0bc092
SSDEEP

12288:ovpoYFvePJWcYHV7Xs6U8Ak/ZMz6urWYtWHsziH:ohVvqWlbs2AiZMz6urWGWHF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d325a237d32584a8a2514a0297a1b641_JaffaCakes118

Files

d325a237d32584a8a2514a0297a1b641_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d668845d5e96877a927293a492033c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadImageW
PtInRect
RegisterClassExA
SetWindowTextW
DrawIconEx
CascadeChildWindows
SetMessageQueue
FreeDDElParam
RegisterClassA
CharLowerBuffA
DlgDirSelectExW
CharUpperBuffA
DdeSetUserHandle
GetWindowLongA

kernel32

GetModuleFileNameW
VirtualAlloc
GetStringTypeA
TlsAlloc
GetEnvironmentStrings
lstrcpyW
WideCharToMultiByte
LCMapStringA
GetEnvironmentStringsW
TlsFree
GetStartupInfoW
FreeEnvironmentStringsA
GetVersionExW
HeapFree
FreeEnvironmentStringsW
VirtualProtect
GetLocaleInfoW
GetTempPathA
MultiByteToWideChar
CompareStringW
CreateWaitableTimerA
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentProcess
GetCPInfo
GetProcAddress
GetStringTypeW
GetCurrentThread
GetModuleFileNameA
GetNamedPipeInfo
SetHandleCount
GetTimeZoneInformation
TerminateProcess
ExitProcess
EnumCalendarInfoA
OpenMutexW
GetCommandLineA
LocalAlloc
SetFilePointer
GetFileType
VirtualFree
GetSystemInfo
RtlUnwind
SetEnvironmentVariableA
LocalCompact
GetUserDefaultLCID
HeapSize
QueryPerformanceCounter
GlobalLock
SetEnvironmentVariableW
GetStartupInfoA
LoadLibraryA
DeleteCriticalSection
TlsSetValue
GetConsoleCursorInfo
CloseHandle
EnterCriticalSection
GetCurrentThreadId
GetStdHandle
IsBadWritePtr
VirtualQuery
SetStdHandle
WritePrivateProfileStructW
InterlockedExchange
EnumSystemLocalesA
CreateMutexA
GetCurrentProcessId
GetCommandLineW
lstrcmp
FlushFileBuffers
LCMapStringW
GetTimeFormatA
GlobalGetAtomNameA
AddAtomA
HeapDestroy
IsValidLocale
GetACP
GetTickCount
HeapCreate
WriteFile
GetOEMCP
HeapReAlloc
GetLocaleInfoA
UnhandledExceptionFilter
HeapAlloc
GetDateFormatA
LeaveCriticalSection
lstrcmpiW
TlsGetValue
IsValidCodePage
GetLastError
ReadFile
GetVersionExA
OpenMutexA
InitializeCriticalSection
CompareStringA
SetLastError

comctl32

InitCommonControlsEx

comdlg32

FindTextW
GetOpenFileNameA

Sections

.text
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d668845d5e96877a927293a492033c0

Headers

File Characteristics

Imports

user32

kernel32

comctl32

comdlg32

Sections

.text Size: 233KB - Virtual size: 233KB

.rdata Size: 8KB - Virtual size: 31KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 233KB - Virtual size: 233KB

.rdata
Size: 8KB - Virtual size: 31KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 12KB - Virtual size: 11KB