da498be635503676449213ed619c6dc6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

da498be635503676449213ed619c6dc6_JaffaCakes118
Size

167KB
MD5

da498be635503676449213ed619c6dc6
SHA1

be5f5d8edb160a48dd92760536f2410fd3b9b85b
SHA256

930815ddee6e081b4aee491bc36916634a9bff79fe412cea01163bb848e39b32
SHA512

c0a87bd7eab349ba4d5728caf1adc6649f510870354c219d968829ab0aed4fcc9f85be28cbd7de33fc5f982f6cff9e6c5983527b9c1a2a18cad21ac18afb06f7
SSDEEP

3072:jPD71ztDo35yC7qgPU4dHn3vmL/YupHw/cIS21gvwxoZZZ:jPt23g1A3vmLgupQ0AnxoZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da498be635503676449213ed619c6dc6_JaffaCakes118

Files

da498be635503676449213ed619c6dc6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

22e2e84677922a3c78617d8076d36671

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msimg32

AlphaBlend
TransparentBlt

kernel32

SizeofResource
QueryPerformanceCounter
SetHandleCount
GetACP
HeapDestroy
SetHandleInformation
IsDBCSLeadByte
HeapReAlloc
GetStringTypeA
GetThreadLocale
lstrcmpiA
GetLocaleInfoA
GetProcAddress
LCMapStringW
GetCommandLineA
lstrlenW
SetStdHandle
TlsGetValue
lstrcpyA
InterlockedDecrement
GetVersionExA
TlsSetValue
GetCurrentProcessId
ExitProcess
GetEnvironmentStrings
CloseHandle
HeapSize
FindResourceA
GetSystemInfo
IsBadWritePtr
TransmitCommChar
LeaveCriticalSection
SetLastError
MulDiv
RaiseException
IsBadCodePtr
IsBadReadPtr
LCMapStringA
lstrcpynA
GetEnvironmentStringsW
EnumResourceNamesW
WideCharToMultiByte
GetCurrentProcess
GetModuleFileNameA
DisableThreadLibraryCalls
TlsAlloc
SetFilePointer
TerminateProcess
WriteFile
GetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExA
VirtualProtect
GetFileType
InitializeCriticalSection
GetOEMCP
lstrlenA
GetSystemTimeAsFileTime
GetStartupInfoA
GetCPInfo
SetUnhandledExceptionFilter
ExitProcess
FlushFileBuffers
GetProcessHeap
FreeLibrary
lstrcatA
GetTickCount
LoadResource
RtlUnwind
VirtualAlloc
GetModuleHandleA
HeapCreate
VirtualFree
GetCurrentThreadId
LockResource
FreeEnvironmentStringsA
LoadLibraryA
FlushInstructionCache
InterlockedIncrement
InterlockedExchange
UnhandledExceptionFilter
DeleteCriticalSection
GetLastError
EnterCriticalSection
TlsFree
HeapAlloc
MultiByteToWideChar
HeapFree

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyExA
RegCreateKeyExA
RegQueryInfoKeyA

shlwapi

PathFindExtensionA

user32

GetDlgItemTextA
IsDialogMessageA
EnableWindow
ShowWindow
WinHelpA
IsDlgButtonChecked
GetDC
SetDlgItemTextA
MoveWindow
CreateDialogParamA
ReleaseDC
UnregisterClassA
DestroyWindow
CheckDlgButton
SetWindowLongA
IsWindow
SendMessageA
GetDlgItem
GetDialogBaseUnits
CharNextA

gdi32

GetDeviceCaps
GetTextMetricsA
GetTextExtentPointA
DeleteObject
SelectObject
CreateFontIndirectA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22e2e84677922a3c78617d8076d36671

Headers

File Characteristics

Imports

msimg32

kernel32

advapi32

shlwapi

user32

gdi32

ole32

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 35KB - Virtual size: 35KB

.crt Size: 512B - Virtual size: 60KB

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 35KB - Virtual size: 35KB

.crt
Size: 512B - Virtual size: 60KB