f6a223bfa5eb7c017700a1f9269c36cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f6a223bfa5eb7c017700a1f9269c36cf_JaffaCakes118
Size

26KB
MD5

f6a223bfa5eb7c017700a1f9269c36cf
SHA1

796eb6cee06c2f79c9ea821a7400172c1604df63
SHA256

b28703874c7d2f95af427dc41d1fb4422ff7f7509e21f5b18d6cb55c3593a310
SHA512

71c3d2a285a32f0ca2f5271ca7b83ea4e99c756a7ac6106e20ccc6b21916fa5d1ba7541c6d3bd0a072e7eb4cc1204b31d7e42ade2a6c51b842fd34a95745cdb9
SSDEEP

384:XywPaMfyyptRdhZ4xcG1zK6WrYH5Cu+6WpAQRwF80R5p8qEFt9I7ryuL:iwPaaxptRdhOxcv67ZCpt6uT2yu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6a223bfa5eb7c017700a1f9269c36cf_JaffaCakes118

Files

f6a223bfa5eb7c017700a1f9269c36cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aaad6eaca551cb82310d37dbd1e9d2c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegEnumValueA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

GetClientRect
wsprintfA
SetDlgItemTextA
CheckDlgButton
GetWindowTextA
IsDlgButtonChecked
TranslateMessage
DialogBoxParamA
IsDialogMessageA
EnableWindow
ReleaseDC
DestroyWindow
PeekMessageA
SetWindowPos
SendMessageA
DestroyIcon
ShowWindow
GetDC
LoadImageA
CharUpperA
GetDlgItem
DrawTextA
IsWindow
DispatchMessageA
MessageBoxA
InvalidateRect
LoadStringA
LoadBitmapA
GetWindowLongA
GetSysColor
GetWindowRect
MsgWaitForMultipleObjects
CharPrevA
CreateDialogParamA
SetWindowTextA
EndDialog
SendDlgItemMessageA
SetWindowLongA

advpack

RegInstall

gdi32

DeleteObject
CreateFontIndirectA
SetViewportOrgEx
RestoreDC
CreateSolidBrush
SetWindowOrgEx
GetObjectA
ModifyWorldTransform
SelectObject
SetTextColor
SetGraphicsMode
SaveDC
ExtTextOutA
BitBlt
GetTextMetricsA
GetDeviceCaps
SetBkColor
DeleteDC
CreateCompatibleDC
DPtoLP

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

atl

AtlMarshalPtrInProc

kernel32

GetWindowsDirectoryA
CloseHandle
InterlockedDecrement
lstrlenA
lstrcmpA
LocalFree
lstrcpyA
HeapReAlloc
DeleteCriticalSection
LoadLibraryA
CreateFileA
GetTickCount
HeapSize
GetModuleHandleA
GetProcessHeap
CreateEventA
InitializeCriticalSection
HeapAlloc
GetModuleFileNameA
VirtualAlloc
FreeLibrary
DisableThreadLibraryCalls
SetEvent
GetSystemDirectoryA
GetProcAddress
GetDiskFreeSpaceA
lstrcpynA
LocalAlloc
lstrcatA
InterlockedIncrement
HeapFree
CreateThread

ntdll

NtAddAtom

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aaad6eaca551cb82310d37dbd1e9d2c5

Headers

File Characteristics

Imports

advapi32

version

user32

advpack

gdi32

ole32

atl

kernel32

ntdll

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 428B

.idata Size: 23KB - Virtual size: 23KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 216B

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 428B

.idata
Size: 23KB - Virtual size: 23KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 216B