e214b8c2041c0af98ce0874046f11972_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e214b8c2041c0af98ce0874046f11972_JaffaCakes118
Size

142KB
MD5

e214b8c2041c0af98ce0874046f11972
SHA1

427b440c501d45cdda79dbf83a53441456117f12
SHA256

6226b0a4eef8b29367aea512e825459c9e913d884e9c4acd333efb5999a3badf
SHA512

94279f3bcb705e726965dd131c57a54d3ad8cc48db0f8e8ab2bafa364e88f0003754f3b1ecac9457dc8d395dcd3e0380debf03edd7f47d365fe76c40be0c6937
SSDEEP

3072:JdflNP+vmbw5hUljm7HdBOqT/ou/HYmv8RHuEsQ7t1tYUhZyst:JddN2ow7U9m7eqkQHY7Dsw1tYUry

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e214b8c2041c0af98ce0874046f11972_JaffaCakes118

Files

e214b8c2041c0af98ce0874046f11972_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e4d6bb9f902b1c94dca329422a382e2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetSystemWindowsDirectoryW
TerminateProcess
WritePrivateProfileSectionW
GetModuleHandleA
FormatMessageA
VirtualProtect
CreateMutexA
SetCurrentDirectoryW
VirtualAlloc
ReadFile
LoadLibraryW
VirtualFree
SetConsoleMode
LockResource
ExitThread
WritePrivateProfileSectionA
OutputDebugStringA
TlsGetValue
GetNumberFormatW
GetExitCodeProcess
SetFileTime
TlsAlloc
SetFilePointer
LeaveCriticalSection
GetStringTypeA
GetProcAddress
ResetEvent

msvcrt

memset
__winitenv
strerror
__set_app_type

user32

IsWindow
wsprintfA
CallWindowProcW
LoadCursorW
DrawEdge
CreateWindowExA
CopyRect
GetForegroundWindow
DispatchMessageW
GetClipboardData

gdi32

LineTo
GetRegionData
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateBitmap
SetStretchBltMode
DeleteDC
DeleteObject
StretchBlt
GetStockObject
SelectPalette
SetBkMode
CreateCompatibleBitmap
CreateRoundRectRgn
TextOutW
SetTextColor
BitBlt
ExtTextOutW

tapi32

lineGetCallInfoA
lineAgentSpecific
lineMakeCallW
lineGetAddressCaps
tapiGetLocationInfoW

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d6bb9f902b1c94dca329422a382e2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 51KB - Virtual size: 51KB

.CRT Size: 39KB - Virtual size: 38KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 51KB - Virtual size: 51KB

.CRT
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 136B