db563507ecdb0b3af967eb4e4e1b7097_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db563507ecdb0b3af967eb4e4e1b7097_JaffaCakes118
Size

2.0MB
MD5

db563507ecdb0b3af967eb4e4e1b7097
SHA1

95cfef92d5d70017e4aaf408cfa9ec787d6e6c3d
SHA256

a2f69cef0d7966f3b24023a45fbfe1d5c10be8ff65180031a1259b14c8729c8a
SHA512

90c7bc224508f66d8baec9978b41575242bcb172d01d49b8b06910eb6b623d8b117dfda89d39e17d8d83348c60cb7098bfd2eb20751690d399085f01adf32dd1
SSDEEP

49152:SdXVJQ5bPZhjGABoq7P462gjL+2uSOp+yoG0nBhQmBaZ:EQ5bS41Z2gTnG0MCaZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db563507ecdb0b3af967eb4e4e1b7097_JaffaCakes118

Files

db563507ecdb0b3af967eb4e4e1b7097_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f644db6426d09e29127cf1b3deed516

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

RestoreDC
GdiSetPixelFormat
SetROP2
GetObjectA
MoveToEx
SetBkColor
PatBlt
ExtTextOutA
GetDIBits
IntersectClipRect
StretchDIBits
GdiSetLastError
SelectObject
GetTextMetricsW
CreatePalette
GetTextExtentPoint32W
SetMapMode
SetViewportOrgEx
CreateRectRgnIndirect
DeleteMetaFile
SetArcDirection
SetStretchBltMode
GetPaletteEntries
StretchBlt
GdiSetPixelFormat
CopyEnhMetaFileW
EngGetPrinterDataFileName
SetROP2
GdiSetLastError
SetArcDirection

kernel32

CompareStringA
ExitProcess
GetCurrentProcess
GetPrivateProfileStructW
GetModuleHandleW
FindFirstChangeNotificationA
GetTickCount
DeleteAtom
GetCommMask
GetCommandLineA
CreateSemaphoreW
GetCurrentThread
GetVersion
MapViewOfFile
GetTapeParameters
GetDriveTypeW
UnlockFile
InterlockedIncrement
GetCommandLineW
MoveFileA
ClearCommBreak
VirtualAlloc
EnumTimeFormatsA
FindResourceExA
GetLogicalDriveStringsW
GetProcessHeap
HeapAlloc
GlobalAddAtomW
GetModuleHandleA
VirtualFree
GetCurrentProcess
GetCurrentThread
ReadFile
GetCommandLineW
Sleep
ExitProcess
GetModuleHandleA
GetVersionExA
GetTickCount
InterlockedIncrement
GetVersion
GetModuleHandleW
GetCommandLineA
VirtualFree
VirtualAlloc
CreateFileW
HeapAlloc
GetProcessHeap
GetCurrentProcessId

msvcrt

getwchar
_mbctoupper
_wcsncoll
_ismbbkpunct
_statusfp
__getmainargs
puts
_errno
_mbscspn
_amsg_exit
_fgetchar
_fputchar
_adj_fptan
_lrotl

user32

DlgDirSelectComboBoxExA
IsDialogMessageA
EnumPropsA
CopyAcceleratorTableW
LoadIconW
DdeConnect
GetMessageTime
BlockInput
DdeClientTransaction
GetMonitorInfoA
InsertMenuItemW
GetAsyncKeyState

ole32

CoTaskMemFree
OleLoadFromStream
HBITMAP_UserFree

advapi32

GetTokenInformation
RegOpenKeyExA
RegCloseKey
AllocateAndInitializeSid
RegSetValueExA
RegCreateKeyExA

Sections

.text
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 929KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 923KB - Virtual size: 925KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f644db6426d09e29127cf1b3deed516

Headers

File Characteristics

Imports

gdi32

kernel32

msvcrt

user32

ole32

advapi32

Sections

.text Size: 10KB - Virtual size: 11KB

.data Size: 101KB - Virtual size: 102KB

.rdata Size: 929KB - Virtual size: 6.3MB

.idata Size: 923KB - Virtual size: 925KB

.kdata Size: 13KB - Virtual size: 13KB

.rsrc Size: 71KB - Virtual size: 71KB

.text
Size: 10KB - Virtual size: 11KB

.data
Size: 101KB - Virtual size: 102KB

.rdata
Size: 929KB - Virtual size: 6.3MB

.idata
Size: 923KB - Virtual size: 925KB

.kdata
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 71KB - Virtual size: 71KB