e16667f2181a0503314127cf299d2919_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e16667f2181a0503314127cf299d2919_JaffaCakes118
Size

312KB
MD5

e16667f2181a0503314127cf299d2919
SHA1

87bf8c671ee052f4d09a10caca2bdb8277d3e19a
SHA256

aa816907cbe55fb2e170741297322bdfecc1e68b7f0420fc0459f4d57a395a86
SHA512

e24e7845528b167c83c80c9da6215950c8a4a32da6c2c19bec1c4f55c68adb90495d75f4cd85b69db9edc7bf4220dff0f8faf37cba6699371827dadf64daa2e6
SSDEEP

6144:W5uBbbdoxf1IWuzyCBaBGAFmn6Gx9WEQDB4JsE5f:UObB+f1IWmyRsn6GxA3DeJsE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e16667f2181a0503314127cf299d2919_JaffaCakes118

Files

e16667f2181a0503314127cf299d2919_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6645c91c7bdc48a406512357f9ac293b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

crypt32

CryptStringToBinaryA

kernel32

ReadFile
GetLocaleInfoW
SetStdHandle
InterlockedExchange
GetOEMCP
GetACP
VirtualQuery
VirtualProtect
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
CloseHandle
SetFilePointer
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsBadCodePtr
GetTickCount
LoadLibraryW
GetModuleHandleA
LoadLibraryA
GetSystemInfo
LCMapStringA
IsBadReadPtr
GetFileType
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
RtlUnwind
RaiseException
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersionExA
ExitProcess
GetCPInfo
GetLastError
LCMapStringW
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
HeapSize
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount

user32

LoadBitmapA
InvalidateRect
BeginPaint
EndPaint
PostQuitMessage
GetWindowRect
GetClientRect
SetWindowPos
DefWindowProcA
DestroyWindow
DialogBoxParamA
SendMessageA
FillRect
LoadStringA
LoadAcceleratorsA
PeekMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow

gdi32

SelectObject
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject
CreateCompatibleDC

shell32

ShellExecuteA

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6645c91c7bdc48a406512357f9ac293b

Headers

File Characteristics

Imports

winmm

crypt32

kernel32

user32

gdi32

shell32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 220KB - Virtual size: 217KB

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 220KB - Virtual size: 217KB