e1e6646855b506b4e0354996b46053b4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e1e6646855b506b4e0354996b46053b4_JaffaCakes118
Size

99KB
MD5

e1e6646855b506b4e0354996b46053b4
SHA1

cd2a54fdf6a18cde079a54e84f8c061a63bfe6ad
SHA256

21ee0d18abfb110e45d37473b6a419dd499cebaa5e58ee9412bc0c62132ec94c
SHA512

40649f7b6456c90a799acdcec6bfbe273b83a9f07e2023c374d08f2430da2fe689e40bd0e1e2cc6b5e841300e553ad865db751276ead69060b7929cc17b1bc37
SSDEEP

768:slxKPM6LvdBkD8VovmoCI8PPmg5RjTvMNuyeQu5uKNnAmX9LLb3bbFaEmVjrNF7A:sdGv3XCvmosHAUUF7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1e6646855b506b4e0354996b46053b4_JaffaCakes118

Files

e1e6646855b506b4e0354996b46053b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5d38f5887454c4070e164892bf85acf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_lopen
lstrlenA
_lread
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
GetCommandLineA
SetErrorMode
GetPrivateProfileIntA
GetTempFileNameA
GetExitCodeProcess
WaitForSingleObject
_lwrite
CreateDirectoryA
GetPrivateProfileStringA
_llseek
CreateFileA
_lcreat
_lclose
Sleep
GetCurrentProcess
ExitProcess
LoadLibraryA
GetProcAddress
lstrcmpA
FreeLibrary
GetTempPathA
GlobalUnlock
GlobalFree
GlobalAlloc
lstrcatA
FindResourceA
SizeofResource
LoadResource
LockResource
FreeResource
GetVersionExA
GetSystemDirectoryA
lstrcmpiA
DeleteFileA
CloseHandle
GetFileTime
MulDiv
GlobalLock

user32

GetDlgItemTextA
EndDialog
DestroyWindow
CharNextA
PeekMessageA
DispatchMessageA
BeginPaint
EndPaint
TranslateMessage
PostQuitMessage
ReleaseDC
InvalidateRect
CreateWindowExA
SetWindowPos
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
DefWindowProcA
ExitWindowsEx
DialogBoxParamA
wsprintfA
ShowWindow
UpdateWindow
GetDC
MessageBoxA

gdi32

GetStockObject
DeleteObject
GetTextExtentPointA
TextOutA
SetTextColor
SetBkMode
SelectObject
StretchDIBits
CreateFontA
RealizePalette
SelectPalette
CreatePalette
GetDeviceCaps

advapi32

RegEnumValueA
RegQueryValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
CloseServiceHandle
OpenSCManagerA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteExA

Exports

Exports

_MainWndProc@16
_PasswordDlg@16
_UpdateCRC@8

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5d38f5887454c4070e164892bf85acf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1KB - Virtual size: 1KB

.WISE Size: 512B - Virtual size: 4B

.rsrc Size: 84KB - Virtual size: 104KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.WISE
Size: 512B - Virtual size: 4B

.rsrc
Size: 84KB - Virtual size: 104KB