Static task: static1
Behavioral task: behavioral1
Sample: 030b6743f7439480c865276f6d362ce0_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: 030b6743f7439480c865276f6d362ce0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 030b6743f7439480c865276f6d362ce0_JaffaCakes118
Size: 199KB
MD5: 030b6743f7439480c865276f6d362ce0
SHA1: 82fb53e0e5a4b8f3fb29e3d6e1eabaf75e0c5407
SHA256: efe5eb6e759aff89311cc9614b8cb15adb5ca8b7f30b5e809408bd98060d0000
SHA512: dd474557936d756b4073f9704341283750889df97206b54d5d600455cb0ebebf8c4c0131890c012f787f854b33a8356e411bfeaa1e292052b2ec53ddf73a8585
SSDEEP: 6144:IInT6P+agGQaEk+lazLJoCAUIWd5xdMQP8dp:bq+/GQRauUIsP4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 030b6743f7439480c865276f6d362ce0_JaffaCakes118
Files
030b6743f7439480c865276f6d362ce0_JaffaCakes118.exe windows:4 windows x86 arch:x86
2bc24869571be6bf0dc00633bbcb0065
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CreatePopupMenu
DeleteMenu
GetMessagePos
GetClientRect
GetWindowDC
EnableWindow
IntersectRect
RegisterClipboardFormatW
advapi32
InitializeSecurityDescriptor
GetTokenInformation
RegEnumKeyExW
RegDeleteValueW
kernel32
VirtualFree
GetLastError
GetModuleHandleA
DeleteCriticalSection
FreeLibrary
GetCurrentProcess
GetProcessHeap
GetCommandLineA
UnhandledExceptionFilter
GetTickCount
HeapFree
VirtualAlloc
ExitProcess
GetConsoleMode
FindClose
GetSystemDirectoryW
VirtualAlloc
GetModuleHandleA
VirtualFree
GetCommandLineA
GetLastError
SetStdHandle
GetCurrentProcess
GlobalUnlock
ExitProcess
GetTickCount
gdi32
StartPage
SetBkColor
GetDeviceCaps
CreateRectRgn
SetBkMode
LineTo
CreateFontIndirectA
RestoreDC
CreateFontA
ExtCreateRegion
StartPage
EnumFontFamiliesExW
GetDIBColorTable
SetDIBColorTable
GetTextFaceW
ntdll
NtQueryKey
RtlCreateSecurityDescriptor
NtTerminateProcess
RtlDeleteCriticalSection
RtlLengthSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtDeviceIoControlFile
RtlAdjustPrivilege
NtOpenProcessToken
RtlReAllocateHeap
version
VerQueryValueA
GetFileVersionInfoA
ole32
CoInitialize
msvcrt
strstr
_wcsdup
__setusermatherr
calloc
isdigit
_beginthreadex
_lock
_errno
qsort
__CxxFrameHandler
malloc
sprintf
_exit
wcscmp
wcschr
_c_exit
_vsnwprintf
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 21KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 77KB - Virtual size: 516KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ