Static task: static1
Behavioral task: behavioral1
Sample: d59c3513e5b248991479a178365a63a7_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d59c3513e5b248991479a178365a63a7_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d59c3513e5b248991479a178365a63a7_JaffaCakes118
Size: 188KB
MD5: d59c3513e5b248991479a178365a63a7
SHA1: 135da1b82299c6a6cba8a2f3ba28f46be367ed1d
SHA256: acc3c2728e886e228fe3109bc5fa054e97e1aba86d0ea84b4b45a18cf6f1de80
SHA512: d331dd1c9e2946766bbc9122fce0f7bc6d014e48d9fcaead90cae2de2f8a7c7bd032e64e019efc2e51c7d95cf3f955946255ec0ccee7cd2629014384d9e18ccc
SSDEEP: 3072:iUGN61+8MuLImTiaZrQu9ld5y1Tf8JcVZjjbIc85cQgDct0/TFiyr0CG8xyfPOf0:TqyKkIm9Z7XQ1TkS7jkxTORLrVSnaXa9
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d59c3513e5b248991479a178365a63a7_JaffaCakes118
Files
d59c3513e5b248991479a178365a63a7_JaffaCakes118.exe windows:4 windows x86 arch:x86
b0128eafafa002d4e099395c2d3946b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathAddBackslashA
user32
wsprintfW
GetKeyState
CharUpperA
wsprintfA
CharNextA
MessageBoxA
CharLowerA
msimg32
AlphaBlend
TransparentBlt
advapi32
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
kernel32
GetThreadIOPendingFlag
IsBadReadPtr
GetSystemTime
ReleaseSemaphore
GetEnvironmentVariableA
GetStringTypeW
LCMapStringW
CreateThread
GetFileType
DeleteCriticalSection
IsBadCodePtr
TlsFree
TlsAlloc
TlsGetValue
GetDiskFreeSpaceExA
GetPrivateProfileStringA
UnhandledExceptionFilter
SetStdHandle
WideCharToMultiByte
SetEndOfFile
SetHandleCount
FileTimeToSystemTime
GetLastError
Sleep
RaiseException
TransmitCommChar
GetModuleHandleA
SetLastError
HeapReAlloc
GetCommandLineA
SetUnhandledExceptionFilter
lstrcmpW
InitializeCriticalSection
FileTimeToLocalFileTime
SetEvent
GetUserDefaultLCID
CompareStringA
GetACP
MultiByteToWideChar
TerminateProcess
GetStdHandle
GetCPInfo
CloseHandle
HeapSize
GetTempPathW
GetTickCount
GlobalFree
GetOEMCP
GetTempPathA
IsBadWritePtr
GetModuleFileNameA
GetEnvironmentStringsW
GetPriorityClass
SetPriorityClass
GetProcAddress
GlobalAlloc
FlushFileBuffers
EnumResourceNamesW
GetStartupInfoA
WritePrivateProfileStringA
GetTempFileNameA
CreateSemaphoreA
UnmapViewOfFile
GetFullPathNameW
GetFullPathNameA
CreateFileW
GetEnvironmentStrings
lstrcmpA
LCMapStringA
ExitProcess
LeaveCriticalSection
InterlockedExchange
InterlockedDecrement
GetCurrentProcess
LoadLibraryW
GetThreadPriority
GetTimeZoneInformation
HeapFree
CreateMutexA
ExitProcess
CompareStringW
GlobalUnlock
HeapAlloc
RtlUnwind
GetStringTypeA
FreeEnvironmentStringsW
CreateFileMappingA
GetCurrentThreadId
LoadLibraryA
FreeLibrary
lstrcpyA
TlsSetValue
WaitForSingleObject
OutputDebugStringA
HeapDestroy
MapViewOfFile
EnterCriticalSection
ExitThread
IsDBCSLeadByte
HeapCreate
ResetEvent
FreeEnvironmentStringsA
WriteFile
InterlockedIncrement
SetEnvironmentVariableA
Sections
.text Size: 158KB - Virtual size: 157KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.crt Size: 512B - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ