fa47843f78e2a1bcb19fe1f6a66e6cb1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa47843f78e2a1bcb19fe1f6a66e6cb1_JaffaCakes118
Size

179KB
MD5

fa47843f78e2a1bcb19fe1f6a66e6cb1
SHA1

80cdba09b3e3df9773e6190947cd6404e860e0a9
SHA256

604549dcf6247293800f3d40aa779780ffec11a5684217fb282a254d81641680
SHA512

616e807d196929471d0ea56602feba63cdff23a4a676cb6660528a9cfe58146fb7821695f754c99358a31a6161f7a1e0c00a4a4928d06b5647211fef53792293
SSDEEP

3072:H6aRu3GZr8/ENJY0yJzUDffe+vMf8pLrIGcFT7ZvsDcBX3RVm5M97510M2m4DTE:Hru3Gx8/qJ24fe+kf8BkGqvBX3WMF7lk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa47843f78e2a1bcb19fe1f6a66e6cb1_JaffaCakes118

Files

fa47843f78e2a1bcb19fe1f6a66e6cb1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10a345092eed2c644bdb51b97ec6bc20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
HeapFree
QueryPerformanceCounter
CreateProcessA
RaiseException
HeapFree
HeapDestroy
SystemTimeToFileTime
GetTickCount
lstrlenA
GetSystemTime
GetProcessHeap
TerminateProcess
GetCurrentProcessId
Sleep
GetThreadLocale
GetLocaleInfoA
GetModuleHandleA
LoadLibraryExW
WriteFile
SetUnhandledExceptionFilter
EnumSystemLanguageGroupsW
lstrlenW
HeapAlloc
WideCharToMultiByte
LoadLibraryW
GetCurrentThreadId
GetEnvironmentVariableA
InterlockedExchange
MultiByteToWideChar
LocalAlloc
GetACP
GetWriteWatch
GetStartupInfoA
IsDebuggerPresent
UnhandledExceptionFilter
GetStdHandle
HeapReAlloc
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateFileW
CloseHandle
HeapSize
lstrcpynW

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow

winmm

mciSendCommandA
sndPlaySoundA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyA
RegSetValueExA

gdi32

GetDeviceCaps
TextOutA
DeleteObject
GetStockObject
BitBlt
RestoreDC
CreateRectRgn
SetTextColor
CreateSolidBrush
CreateFontIndirectA
DeleteDC
GetObjectA
DeleteMetaFile
CreateCompatibleDC
EnumFontFamiliesExA
SetBkMode
Rectangle
SelectObject
SaveDC
GetTextExtentPoint32A
CreateCompatibleBitmap

user32

FillRect
GetWindowLongA
GetDlgItem
SetWindowLongA
GetDC
LoadCursorA
ReleaseCapture
MoveWindow
SetCursor
GetSysColor
ReleaseDC
GetWindowInfo
SetWindowPos
IsWindow
SetCapture

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10a345092eed2c644bdb51b97ec6bc20

Headers

File Characteristics

Imports

kernel32

shell32

version

oleacc

winmm

advapi32

gdi32

user32

ole32

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 3KB - Virtual size: 146KB

.data Size: 110KB - Virtual size: 109KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 3KB - Virtual size: 146KB

.data
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 4KB