04ad3d325016a11314b612524f7f87aa_JaffaCakes118

General

Target

04ad3d325016a11314b612524f7f87aa_JaffaCakes118
Size

156KB
MD5

04ad3d325016a11314b612524f7f87aa
SHA1

1d5a1bc1d9e3e3a0cbdc56e83ea8000c4d4e887d
SHA256

5565b8d0c27d836930658fed83b37cc47dd44edbcbf03de66a2b19974f6891e6
SHA512

0a30416a96bbea2e15b4206857a898bae5d1876fb27ba6ed51460d0c7054698e166d1583d95029a44eddb4d1f6aa73fe0ee7f745bc82c5b0d758190b6a123c50
SSDEEP

3072:dD440wdsKfsCM9vd0UkmLSA+ecsM9JcrNclFtZPsVqFJWe3KW+/KXo:dDp0uNM9PjLSQNr6lsVqF9+KX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ad3d325016a11314b612524f7f87aa_JaffaCakes118

Files

04ad3d325016a11314b612524f7f87aa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62857eb0f1ce945ae95ca7ceb02e8b9d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

SHDeleteEmptyKeyA
ord195
DllGetVersion
SHDeleteKeyA
PathRemoveBackslashA

ole32

CoUninitialize
CoInitialize

kernel32

GetVersionExW
GetVersionExA
WideCharToMultiByte
GetCommandLineW
GetModuleHandleA
GetEnvironmentVariableW
SetErrorMode
Sleep
ResetEvent
CreateEventA
GetWindowsDirectoryA
FormatMessageA
GlobalFree
WaitForMultipleObjects
CreateEventW
GetCurrentProcess
GetVolumeInformationA
GetDriveTypeA
VirtualAlloc
VirtualFree
CreateFileA
ReadFile
WriteFile
GetCurrentProcessId
GetModuleFileNameA
GetSystemTime
SystemTimeToFileTime
LocalAlloc
GetFileSize
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
TryEnterCriticalSection
SwitchToThread
ResumeThread
CreateThread
TerminateThread
IsDBCSLeadByteEx
GetStringTypeW
HeapReAlloc
GetStringTypeA
GetCPInfo

user32

MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
MessageBoxW

winhttp

WinHttpCloseHandle
WinHttpConnect

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62857eb0f1ce945ae95ca7ceb02e8b9d

Headers

File Characteristics

Imports

shlwapi

ole32

kernel32

user32

winhttp

advapi32

shell32

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 23KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 248B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 23KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 248B