e824a73d88b9765985521ab74290a3b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e824a73d88b9765985521ab74290a3b9_JaffaCakes118
Size

48KB
MD5

e824a73d88b9765985521ab74290a3b9
SHA1

342f0a37383772bb20eccaea65052afb1ccfea79
SHA256

b7b961f0673317cae29397cb520b1ed6bb3d152586b906fca98c0d309a5c24b4
SHA512

6cd932d3f637faeeead687f06e794d8c5417cebf5bb8ff128e3ca7513ed2fbd861bc56a80f5d4a5d340b7baa8c63539a384d5f5c5a8096377fb4a3e8a3497e2c
SSDEEP

768:Xt8aSHlCO0Ffbsfd0o/IZmtsQF+hYVhiBqrFx0oaaFa5DO42k9nK6FdM3SLBp:XyaNth2gstsqCza4pUqK6eYBp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e824a73d88b9765985521ab74290a3b9_JaffaCakes118

Files

e824a73d88b9765985521ab74290a3b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da7d4866ff36956eca5eb6cec38e8b59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtAddAtom

atl

AtlMarshalPtrInProc

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA
RegEnumKeyExA

advpack

RegInstall

gdi32

SetGraphicsMode
DeleteObject
CreateFontIndirectA
SetViewportOrgEx
SetWindowOrgEx
ModifyWorldTransform
SelectObject
DPtoLP
CreateSolidBrush
ExtTextOutA
CreateCompatibleDC
BitBlt
SetBkColor
GetTextMetricsA
RestoreDC
SaveDC
DeleteDC
GetObjectA
GetDeviceCaps
SetTextColor

user32

CharPrevA
EndDialog
ShowWindow
IsDialogMessageA
SendDlgItemMessageA
wsprintfA
LoadImageA
GetWindowRect
DestroyIcon
DestroyWindow
SetDlgItemTextA
SetWindowLongA
SetWindowPos
TranslateMessage
SetWindowTextA
GetDC
InvalidateRect
MessageBoxA
DrawTextA
GetWindowLongA
DialogBoxParamA
LoadBitmapA
GetWindowTextA
MsgWaitForMultipleObjects
CreateDialogParamA
IsWindow
DispatchMessageA
IsDlgButtonChecked
ReleaseDC
CheckDlgButton
GetClientRect
PeekMessageA
GetDlgItem
SendMessageA
CharUpperA
GetSysColor
LoadStringA
EnableWindow

kernel32

DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CreateThread
GetSystemDirectoryA
lstrlenA
FreeLibrary
DeleteCriticalSection
GetModuleFileNameA
GetModuleHandleA
HeapReAlloc
GetDiskFreeSpaceA
VirtualAlloc
lstrcatA
GetTickCount
lstrcmpA
SetEvent
InitializeCriticalSection
LocalFree
GetProcAddress
CreateEventA
LocalAlloc
LoadLibraryA
HeapSize
GetProcessHeap
CreateFileA
lstrcmpiA
lstrcpynA
lstrcpyA
GetWindowsDirectoryA
HeapFree
CloseHandle

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da7d4866ff36956eca5eb6cec38e8b59

Headers

File Characteristics

Imports

ntdll

atl

ole32

advapi32

advpack

gdi32

user32

kernel32

version

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 424B

.idata Size: 46KB - Virtual size: 45KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 424B

.idata
Size: 46KB - Virtual size: 45KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B