04131da4f094254e44b966f4481a0f2d_JaffaCakes118

General

Target

04131da4f094254e44b966f4481a0f2d_JaffaCakes118
Size

179KB
MD5

04131da4f094254e44b966f4481a0f2d
SHA1

0101ce28638411bbe819f97849624d61ef47cac2
SHA256

9becba5d2330548a8d6161eb84c1037ef7f47e127cc20644a3197044faa38f52
SHA512

a4bd6d12b868d76c96cb99ee6e7bdd221e181c04c1811008d80421d66e8546fc3455403e7a23524eaf189d87e9deed89daac98d069c640b03fafc72978544c28
SSDEEP

3072:fAcbeg0PY8xK+N0sor3Ez8rrl0s0vFtuAoyNzTTw9H/kxiGg0:fAlgUrx941rrl0LPHNzvw9H/yiGg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04131da4f094254e44b966f4481a0f2d_JaffaCakes118

Files

04131da4f094254e44b966f4481a0f2d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c1df151a86497b47f36142e10bd27339

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
Sleep
SuspendThread
GetCurrentThread
CloseHandle
OutputDebugStringA
GetTickCount
lstrcatA
SetErrorMode
lstrlenA
IsBadCodePtr
CompareStringA
GetThreadLocale
GetStartupInfoA
GetProcAddress
LoadLibraryA
SetStdHandle
ReadFile
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetFilePointer
GetLastError
RaiseException
SetEnvironmentVariableA
CompareStringW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
WriteFile
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetCommandLineA
GetVersion
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind

user32

GetCursorPos
SetCursorPos
FindWindowA
GetParent
UpdateWindow
IsWindowEnabled
PeekMessageW
GetDesktopWindow
wsprintfA
SetWindowTextA
LoadCursorA
CharNextA
MoveWindow
GetWindowTextLengthA
GetWindowTextA
PostMessageA
MessageBoxW
EnumChildWindows

shlwapi

PathAddBackslashA

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c1df151a86497b47f36142e10bd27339

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 120KB - Virtual size: 188KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 120KB - Virtual size: 188KB