da423ca7304a4b1c089051b426ed0fa2_JaffaCakes118

General

Target

da423ca7304a4b1c089051b426ed0fa2_JaffaCakes118
Size

554KB
MD5

da423ca7304a4b1c089051b426ed0fa2
SHA1

5cd6d09107d3194ede41dad768e91bb936900ff6
SHA256

9c7a446ff6e4c4964a6f5f3be9803ac77ca2a82cad0f7432f7c2fd1274861fbb
SHA512

1a75f6640b2cddc7185608366f30007c1cfe389200e49fe47d671d810f19b4a6f096c033ad65524747234f5c787e097fde823c21f237242dbc47207aba44beec
SSDEEP

3072:1LIISZoPCdMbrfjUaBFiHBY9ufnIpGXMkU63UGKpGVnPnF47Me24eisv+yhr8WgZ:1M5IsQeoGXM+31KpGVN+MEIr8POyNjfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da423ca7304a4b1c089051b426ed0fa2_JaffaCakes118

Files

da423ca7304a4b1c089051b426ed0fa2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d764a2b044db265ef954a4e23632ff2f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetBinaryTypeA
SetVolumeLabelA
_lopen
ClearCommBreak
OutputDebugStringW
lstrcmpA
SetErrorMode
RemoveDirectoryA
_hread
WritePrivateProfileSectionA
GetTickCount
GetTempFileNameA
GetPrivateProfileSectionW
ExitProcess

oleaut32

SysStringLen
QueryPathOfRegTypeLi
SafeArrayGetLBound
LoadTypeLi
SafeArrayRedim

user32

EndPaint
LoadBitmapA
wsprintfA
HiliteMenuItem
SetScrollInfo
LoadMenuIndirectW
GetWindowTextW
DrawIconEx
CreateAcceleratorTableW
WinHelpW
OpenWindowStationW
ExcludeUpdateRgn
SwitchDesktop
GetDesktopWindow
DestroyAcceleratorTable
MenuItemFromPoint
ArrangeIconicWindows
GetClassNameW
MessageBeep
RemoveMenu
GetClipboardFormatNameW
InflateRect
FindWindowExW
AdjustWindowRectEx
PeekMessageW

gdi32

SetTextColor
CreatePalette
PaintRgn
PolylineTo

ws2_32

WSAGetLastError
recv
WSARecv
WSARecvFrom
WSAHtons

msvcrt

getchar
strrchr
_waccess
_strtime
iswalnum
putc
putchar
clearerr
_endthread
iswspace
system
freopen
strtok
_wcsnicmp
_wpopen
_snwprintf
fputwc
_stricoll
localeconv
strcspn
_setmode
wcscmp
difftime
fputws
_spawnv
wcsncpy
tolower

Sections

.text
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d764a2b044db265ef954a4e23632ff2f

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

gdi32

ws2_32

msvcrt

Sections

.text Size: 302KB - Virtual size: 302KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 231KB - Virtual size: 230KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 302KB - Virtual size: 302KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 231KB - Virtual size: 230KB

.rsrc
Size: 16KB - Virtual size: 16KB