d8b819ea1e4d97b17db5a51d1f8f24a7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d8b819ea1e4d97b17db5a51d1f8f24a7_JaffaCakes118
Size

48KB
MD5

d8b819ea1e4d97b17db5a51d1f8f24a7
SHA1

61a32372e1ae56e7109ad6d824e6308040b37cfd
SHA256

dc35341679e76213d3b23765f82f6465eb8165b15f93e605c95844ff2bd45a30
SHA512

a2222374cf0f330aa23fab01289e6482d8411f60a592da0decb0a8bd5f1d81c61dd00c560e6e383b0673720260ebc265c703231e95b915062c48cefb83195367
SSDEEP

768:wwCW+aIbCXnxRrKBhM+lTjy+ggmkbAE02kV20YvdUu9W7lEVFRbeZxEotTxK:LCXaGYrKBhjgrkbAE02K2dk7l8z4t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8b819ea1e4d97b17db5a51d1f8f24a7_JaffaCakes118

Files

d8b819ea1e4d97b17db5a51d1f8f24a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6724d7617c80fd0c5b534a11f5b73c4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

gdi32

SetWindowOrgEx
ModifyWorldTransform
ExtTextOutA
CreateFontIndirectA
SetTextColor
GetTextMetricsA
BitBlt
SaveDC
RestoreDC
GetObjectA
CreateSolidBrush
SetViewportOrgEx
SetBkColor
CreateCompatibleDC
DeleteObject
GetDeviceCaps
SelectObject
DeleteDC
SetGraphicsMode
DPtoLP

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

user32

GetDlgItem
SetWindowPos
SetWindowLongA
IsDlgButtonChecked
wsprintfA
CheckDlgButton
CharUpperA
GetWindowRect
GetWindowTextA
EndDialog
LoadBitmapA
EnableWindow
IsWindow
DestroyIcon
IsDialogMessageA
LoadStringA
GetDC
DispatchMessageA
ReleaseDC
CreateDialogParamA
GetSysColor
DrawTextA
GetClientRect
PeekMessageA
SendMessageA
LoadImageA
SendDlgItemMessageA
MessageBoxA
ShowWindow
DialogBoxParamA
DestroyWindow
GetWindowLongA
SetWindowTextA
MsgWaitForMultipleObjects
InvalidateRect
TranslateMessage
CharPrevA
SetDlgItemTextA

atl

AtlMarshalPtrInProc

kernel32

lstrcpynA
GetSystemDirectoryA
lstrcpyA
InterlockedIncrement
LoadLibraryA
HeapReAlloc
VirtualAlloc
CreateEventA
CreateFileA
LocalFree
CloseHandle
DisableThreadLibraryCalls
GetModuleFileNameA
InitializeCriticalSection
GetTickCount
SetEvent
lstrcmpA
GetProcAddress
GetWindowsDirectoryA
GetProcessHeap
LocalAlloc
HeapAlloc
lstrcatA
HeapSize
FreeLibrary
lstrlenA
GetModuleHandleA
lstrcmpiA
DeleteCriticalSection
HeapFree
InterlockedDecrement
CreateThread

advpack

RegInstall

ntdll

NtAddAtom

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumValueA
RegCloseKey

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6724d7617c80fd0c5b534a11f5b73c4d

Headers

File Characteristics

Imports

ole32

gdi32

version

user32

atl

kernel32

advpack

ntdll

advapi32

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 428B

.idata Size: 46KB - Virtual size: 45KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 428B

.idata
Size: 46KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B