f652b4f4d0659eb3837569a8aaffc170_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f652b4f4d0659eb3837569a8aaffc170_JaffaCakes118
Size

124KB
MD5

f652b4f4d0659eb3837569a8aaffc170
SHA1

0bf4f404e2c8a5fba6547a7bd76f3743ac3f8f12
SHA256

2784e6a423cc59b1f1a22f96803a3e45c4d992915f0bcfa949def20ee70d9d23
SHA512

e1ba7b8ba5aa2af547fb75fbb4cae26a2569f1522affdebc14d0da744dcec0bea55d8433950a2230966336d4bda7963ffcc4796287d82ace15bae9ba2ece9fbe
SSDEEP

3072:TKzR3AOfnWDAd4XZ+ONkJMintAtejrB3JsRBZUe4py:cV7AAIkJMintVFJCIe4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f652b4f4d0659eb3837569a8aaffc170_JaffaCakes118

Files

f652b4f4d0659eb3837569a8aaffc170_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3c2e8f25006c89f7aa2af7b01765d756

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
RegEnumValueW
CryptDestroyKey
RegCreateKeyExW
RegCreateKeyExA
CryptDestroyHash
RegEnumKeyExW
RegQueryInfoKeyA
RegDeleteKeyA
CryptHashData
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegDeleteKeyW

gdi32

GetDeviceCaps
TextOutW
GetTextExtentPoint32A
CreateFontIndirectA
CreatePalette
CreateCompatibleDC
RealizePalette
SelectObject
SetTextColor
SelectPalette
DeleteObject
SetBkMode
CreatePen
DeleteDC
GetObjectA
BitBlt
SetStretchBltMode
CreateDIBitmap

user32

SetForegroundWindow
LoadIconA
GetWindowLongA
GetDesktopWindow
MessageBoxW
RegisterClassA
MessageBoxA
EndPaint
CharNextW
CreateWindowExA
EnumDisplayMonitors
DrawTextW
SetWindowLongA
LoadStringW
ReleaseDC
GetDC
CharNextA
DefWindowProcA
LoadBitmapA
GetSystemMetrics
SystemParametersInfoA
BeginPaint
UnregisterClassA
UpdateWindow
DestroyWindow
LoadImageA

kernel32

GetCurrentThreadId
GetStdHandle
LCMapStringA
FindResourceExA
DeleteAtom
CreateMutexA
GetModuleHandleW
GetProcAddress
OutputDebugStringW
MoveFileW
GetEnvironmentVariableA
HeapSize
GetThreadLocale
InitializeCriticalSection
TlsFree
CompareFileTime
WriteFile
GetFileSize
LoadLibraryA
Sleep
UnmapViewOfFile
GetModuleFileNameW
ExitProcess
lstrcpynW
TlsAlloc
HeapReAlloc
QueryPerformanceCounter
WideCharToMultiByte
CreateEventA
CreateFileMappingW
lstrcmpiA
FreeResource
CreateFileMappingA
TlsSetValue
GetFileAttributesW
FindAtomW
EnumDateFormatsA
AddAtomW
GetSystemTime
CreateDirectoryW
SizeofResource
VirtualAlloc
GetSystemTimeAsFileTime
CreateFileW
VirtualAllocEx
lstrlenW
CopyFileW
EnterCriticalSection
MulDiv
GetModuleHandleA
GlobalUnlock
CloseHandle
FindResourceA
GetCurrentProcessId
GetVersion
ReadFile
FreeLibrary
LCMapStringW
IsDebuggerPresent
FlushFileBuffers
GetCurrentProcess
GetFileAttributesExW
GlobalAlloc
SystemTimeToFileTime
TlsGetValue
LocalFree
GetVersionExA
TerminateProcess
CreateProcessW
EnumSystemCodePagesA

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c2e8f25006c89f7aa2af7b01765d756

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

user32

kernel32

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 78KB - Virtual size: 78KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 78KB - Virtual size: 78KB

.rsrc
Size: 1KB - Virtual size: 1KB