fa121e5cab14ebeaaa587208cb1fb17c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa121e5cab14ebeaaa587208cb1fb17c_JaffaCakes118
Size

190KB
MD5

fa121e5cab14ebeaaa587208cb1fb17c
SHA1

9788ebdd96f358b37deadd5eb1ed922f07367acb
SHA256

970337d5714df6d0dd3c51d9bbfa94a5c5500cdcf94b09c352f30d8fe8932aca
SHA512

96a77d61228f6e2b2e133b79ad4e5fcd386c13dd8373b50bfdc437eb067bbbe4057789a5b2b40eb7f0d0f626243fbd8b1d1da74eb3025aada329fd0148a4f7e1
SSDEEP

3072:dcw7Tim01LBIwLtz//qltceUuYLHZk7vqSOfwj2DddG2GEBJVIwNNrcEuDT:6wj4VLtmltceu9k7vQwqDddfT4EuDT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa121e5cab14ebeaaa587208cb1fb17c_JaffaCakes118

Files

fa121e5cab14ebeaaa587208cb1fb17c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a64bbd3277d6803582b885f6694574ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

TerminateThread
ResumeThread
GetTapeParameters
GetCurrentThreadId
CreateThread
LoadResource
VirtualAlloc
GetACP
GetProcessHeap
LoadLibraryW
InterlockedIncrement
IsBadWritePtr
Sleep
WideCharToMultiByte
IsBadReadPtr
CloseHandle
DisableThreadLibraryCalls
ClearCommError
GetLastError
CreateFileW
DeleteCriticalSection
InterlockedDecrement
ReleaseMutex
ResetEvent
GetCurrentThread
WaitForMultipleObjects
VirtualFree
GetSystemTimeAsFileTime
GetModuleFileNameW
GetTickCount
EnumResourceNamesA
LockResource
GetExitCodeThread
MultiByteToWideChar
SetThreadPriority
LoadLibraryA
SetEvent
CreateSemaphoreA
WaitForSingleObject
HeapFree
CreateEventA
CreateMutexA
GetCurrentProcessId
QueryPerformanceCounter
InitializeCriticalSection
ReleaseSemaphore
LeaveCriticalSection
FatalExit
GetVersionExA
EnterCriticalSection
FreeLibrary
lstrlenA
GetSystemInfo
FindResourceA
GetThreadPriority
GetModuleFileNameA
GlobalAlloc
GetProcAddress
LocalFree
GetSystemTime
ExitProcess

user32

MsgWaitForMultipleObjects
MonitorFromWindow
CopyRect
GetQueueStatus
LoadStringA
RegisterClassA
wsprintfA
wvsprintfA
GetMessageA
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
PostThreadMessageA
CreateWindowExA
DestroyWindow

oleacc

LresultFromObject
CreateStdAccessibleObject

shell32

SHGetSpecialFolderPathA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegDeleteKeyA
RegSetValueExA
RegEnumKeyExA

ole32

CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemFree
CoInitializeEx
CoFreeUnusedLibraries
CoUninitialize
CoRegisterClassObject
CoCreateInstance
StringFromCLSID
StringFromGUID2
GetRunningObjectTable
CoInitialize
CoRevokeClassObject
CreateItemMoniker
CoTaskMemAlloc

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps
timeEndPeriod

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64bbd3277d6803582b885f6694574ba

Headers

File Characteristics

Imports

kernel32

user32

oleacc

shell32

advapi32

ole32

winmm

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 56KB - Virtual size: 56KB

.lib Size: 512B - Virtual size: 108KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 56KB - Virtual size: 56KB

.lib
Size: 512B - Virtual size: 108KB