Static task
static1
Behavioral task
behavioral1
Sample
0411aceb47d7e89ef571a65e2413c636_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0411aceb47d7e89ef571a65e2413c636_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
0411aceb47d7e89ef571a65e2413c636_JaffaCakes118
Size
643KB
MD5
0411aceb47d7e89ef571a65e2413c636
SHA1
c63af2d1750c483377cb35b3b1559b438a76c6ba
SHA256
e6b2598eb4d8fde9625988115ceb2e3160d846092d5a7721cb2e34e1ddb36eeb
SHA512
c56f8613216133fceccf3184ed82e29ea00f4b7e6eaf5de484fa58df7422f732933da2d94edf9eeef1fe7a5d4cf3b5fb297eefac9d0938782b0b17080a9f4700
SSDEEP
6144:HqDRlRtK03Kr79fGIk0IvoaK1f7W8DM+UAMBhPzptzU2aCP5y/w:HYRlRkOa7pG0rPbDwhrnzBaCBl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0411aceb47d7e89ef571a65e2413c636_JaffaCakes118
Files
0411aceb47d7e89ef571a65e2413c636_JaffaCakes118.exe windows:4 windows x86 arch:x86
245459f8c8d0d896355a0795220fa664
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileW
GetPrivateProfileSectionW
CreateDirectoryA
LoadLibraryExA
SetVolumeLabelA
GetProfileIntA
ReadConsoleOutputA
GetVersion
ReadDirectoryChangesW
GetComputerNameW
CompareStringW
GetModuleFileNameW
OpenMutexA
LoadResource
_lopen
SetThreadPriorityBoost
SetEndOfFile
ExitProcess
GlobalReAlloc
ReleaseMutex
IsDBCSLeadByteEx
LocalLock
CreateEventA
SetSystemTime
MoveFileW
GetProcessHeap
GetACP
GetSystemTimeAdjustment
GetOEMCP
SetThreadLocale
gdi32
EndDoc
GetRgnBox
PathToRegion
SetBitmapDimensionEx
SetPixelFormat
GetClipRgn
comdlg32
ReplaceTextA
GetOpenFileNameW
ole32
OleSetMenuDescriptor
CoRegisterMallocSpy
OleSaveToStream
CoLockObjectExternal
ws2_32
WSAConnect
gethostbyaddr
ntohl
getservbyname
WSAGetServiceClassInfoW
select
WSALookupServiceNextW
WSAAccept
WSASetBlockingHook
WSASetLastError
shell32
SHGetPathFromIDListA
SHAddToRecentDocs
SHGetSpecialFolderLocation
ShellExecuteA
user32
SystemParametersInfoW
SendDlgItemMessageA
IsDialogMessageW
MapVirtualKeyExW
GetClassNameA
IsCharLowerW
SetParent
CloseClipboard
ChangeMenuA
GetMessageExtraInfo
LoadKeyboardLayoutA
EmptyClipboard
advapi32
CryptExportKey
OpenEventLogW
OpenSCManagerW
NotifyBootConfigStatus
QueryServiceConfigA
AllocateAndInitializeSid
InitiateSystemShutdownA
GetSidLengthRequired
AccessCheckAndAuditAlarmW
SetTokenInformation
LookupPrivilegeDisplayNameA
ControlService
MakeSelfRelativeSD
RegEnumValueA
CryptReleaseContext
msvcrt
wcslen
fputc
_ismbblead
remove
_spawnlp
_open
iswprint
_stricmp
strncmp
strtod
_strnicmp
wcscpy
abort
swscanf
setbuf
_write
wcstombs
isupper
iswxdigit
_wstrtime
_mbsicmp
_wopen
__doserrno
_ltow
ceil
__p___argc
putchar
Sections
.text Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ