Static task: static1
Behavioral task: behavioral1
Sample: ef4b3ba7b515c5de7564c7d3d0cdef16_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ef4b3ba7b515c5de7564c7d3d0cdef16_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ef4b3ba7b515c5de7564c7d3d0cdef16_JaffaCakes118
Size: 576KB
MD5: ef4b3ba7b515c5de7564c7d3d0cdef16
SHA1: eaebaa0fcea32fb8983ba127c957a2e6a48cef55
SHA256: 6f2c491eda26bce40f5da7d197dcac285f6d7ec95cfa90e921f3e9c82bd5e76b
SHA512: a204a19b52057f8b91ce71e6d94cc333faeb2d718de4b46a4c2c55becaec248fbc93a952de87709816f52eff67a9bf0b6f0b9af303721f89f6cc126707482f85
SSDEEP: 12288:0V0+LmjFW3Yj4RLhbtEAr6ImC/36ej7/Rxq2iUBSE:0O+LwHuOPD2LNp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ef4b3ba7b515c5de7564c7d3d0cdef16_JaffaCakes118
Files
ef4b3ba7b515c5de7564c7d3d0cdef16_JaffaCakes118.exe windows:4 windows x86 arch:x86
faf3c20ede282f65e34dcf95613f78ba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
ClipCursor
InvalidateRect
SetThreadDesktop
GetClipboardViewer
ScrollWindow
SetWindowPlacement
SendMessageA
GetQueueStatus
SetWindowRgn
EnumDisplayDevicesW
DrawCaption
mouse_event
GrayStringA
GetWindowDC
EmptyClipboard
SetParent
ToUnicodeEx
UnhookWindowsHook
GetMessageTime
LoadImageW
RemovePropW
InsertMenuW
GetWindowRect
GetKeyboardLayout
IsZoomed
IntersectRect
MoveWindow
DefDlgProcA
GrayStringW
LookupIconIdFromDirectory
ws2_32
WSAAccept
WSADuplicateSocketA
WSASocketW
WSAAsyncGetProtoByNumber
WSALookupServiceNextW
WSACleanup
WSAConnect
WSASendDisconnect
kernel32
CompareStringW
FatalAppExitA
SetCommTimeouts
SetConsoleTitleA
ReadDirectoryChangesW
GetCommandLineW
lstrcmpiW
ClearCommBreak
EnumResourceNamesW
DebugBreak
FindResourceExW
SetConsoleOutputCP
GetVolumeInformationW
CompareStringA
EnumDateFormatsW
CreateIoCompletionPort
RemoveDirectoryA
ExitProcess
GetUserDefaultLCID
FormatMessageA
GetConsoleCursorInfo
WritePrivateProfileSectionW
GetModuleHandleA
MoveFileW
DeleteCriticalSection
ReleaseSemaphore
OutputDebugStringW
MoveFileExA
GetSystemInfo
SetCommMask
DeleteFiber
IsBadStringPtrA
EnumSystemCodePagesW
GetWindowsDirectoryA
GetVersion
GlobalDeleteAtom
IsDBCSLeadByteEx
WritePrivateProfileStringW
SwitchToFiber
LocalReAlloc
GetModuleFileNameW
GetSystemDirectoryW
SetStdHandle
_lopen
ReleaseMutex
CreateWaitableTimerA
SetErrorMode
CreateMutexA
advapi32
AbortSystemShutdownW
AllocateAndInitializeSid
LogonUserW
BuildSecurityDescriptorW
LookupAccountSidA
CryptDeriveKey
CryptCreateHash
ObjectDeleteAuditAlarmW
GetUserNameA
SetSecurityDescriptorSacl
ChangeServiceConfigW
GetSidIdentifierAuthority
CryptGetKeyParam
ImpersonateLoggedOnUser
SetKernelObjectSecurity
SetSecurityDescriptorDacl
AddAce
GetServiceDisplayNameW
AddAccessDeniedAce
RegQueryValueExA
ReportEventA
msvcrt
mktime
fopen
wcsncmp
_wfopen
realloc
_wgetcwd
_kbhit
_wcslwr
_beginthreadex
freopen
fwrite
strftime
setlocale
srand
_waccess
Sections
.text Size: 5KB - Virtual size: 221KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 264KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ