ef53b535957675f2e1a68ab83982f399_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef53b535957675f2e1a68ab83982f399_JaffaCakes118
Size

392KB
MD5

ef53b535957675f2e1a68ab83982f399
SHA1

2ea36339a33c983e61205c1961aef1bc17f0661b
SHA256

5a94a991baa7f005a56d288a58980ed8168f1c4d760867585d3a65c390a240b0
SHA512

80ec16121049b1da57de6fe47744bb30e7a246ed28751505222c74c38d81d60e4cb558f281d452b946a4977905c9022b83bd3a3c0469c526fcb0e28c7693c8ee
SSDEEP

12288:3LsxQlWZq48IIsiv9tGhwnDZruJ2x1e2RT:4C76IXM6D0OQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef53b535957675f2e1a68ab83982f399_JaffaCakes118

Files

ef53b535957675f2e1a68ab83982f399_JaffaCakes118
.exe windows:5 windows x86 arch:x86

abcd29ad9cdbba3ee868b150963e3148

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
GetUserDefaultLangID
CreateMutexA
InitializeCriticalSection
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreatePipe
WinExec
lstrcpyA
lstrcpynA
lstrcatA
Sleep
ReadFile
GetCurrentProcess
DuplicateHandle
LocalFree
CreateProcessA
CreateThread
ResumeThread
WaitForSingleObject
CloseHandle
lstrlenA
GetVersionExA
GetModuleHandleA
GetLastError
FormatMessageA

user32

LoadImageA
RegisterClassExA
DestroyCursor
DefWindowProcA
SetTimer
DestroyIcon
DispatchMessageA
TranslateMessage
RegisterWindowMessageA
CreateWindowExA
PostQuitMessage
MessageBoxA
LoadStringA
PostMessageA
IsWindow
SetWindowTextA
EnableWindow
GetSysColor
FillRect
DialogBoxParamA
ShowWindow
GetDlgItem
SetFocus
EndDialog
CharLowerA
FindWindowA
GetWindowThreadProcessId
SendMessageA
MessageBeep
SetCursor
GetWindowRect
SystemParametersInfoA
GetSystemMetrics
SetWindowPos
SetForegroundWindow
GetCursorPos
TrackPopupMenu
DestroyMenu
CreatePopupMenu
InsertMenuItemA
GetMessageA

gdi32

GetDeviceCaps
SetTextColor
SelectObject
CreateCompatibleDC
SetBkColor
BitBlt
DeleteDC
DeleteObject
TextOutA

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyA
RegQueryValueExA
OpenSCManagerA
OpenServiceA
ControlService
QueryServiceStatus
StartServiceA
CloseServiceHandle
RegConnectRegistryA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetMalloc
Shell_NotifyIconA

ole32

CoUninitialize
CoInitialize

msvcr71

sprintf
strcmp
free
memset
strstr
strcat
strcpy
strlen
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_strupr
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_strdup
_amsg_exit

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aaa1
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aaa2
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aaa3
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.aa03
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0a0a
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0b0a
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0b0c
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0d0c
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0e0c
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0e1c
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0e2c
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abcd29ad9cdbba3ee868b150963e3148

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcr71

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 1016B

.aaa1 Size: 119KB - Virtual size: 118KB

.aaa2 Size: 119KB - Virtual size: 118KB

.aaa3 Size: 119KB - Virtual size: 118KB

.aa03 Size: 512B - Virtual size: 228B

.0a0a Size: 512B - Virtual size: 224B

.0b0a Size: 512B - Virtual size: 224B

.0b0c Size: 512B - Virtual size: 226B

.0d0c Size: 512B - Virtual size: 240B

.0e0c Size: 512B - Virtual size: 232B

.0e1c Size: 512B - Virtual size: 236B

.0e2c Size: 512B - Virtual size: 236B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 198B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 1016B

.aaa1
Size: 119KB - Virtual size: 118KB

.aaa2
Size: 119KB - Virtual size: 118KB

.aaa3
Size: 119KB - Virtual size: 118KB

.aa03
Size: 512B - Virtual size: 228B

.0a0a
Size: 512B - Virtual size: 224B

.0b0a
Size: 512B - Virtual size: 224B

.0b0c
Size: 512B - Virtual size: 226B

.0d0c
Size: 512B - Virtual size: 240B

.0e0c
Size: 512B - Virtual size: 232B

.0e1c
Size: 512B - Virtual size: 236B

.0e2c
Size: 512B - Virtual size: 236B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 198B