04a65085e5ff3029a7e572c8594a3640_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04a65085e5ff3029a7e572c8594a3640_JaffaCakes118
Size

109KB
MD5

04a65085e5ff3029a7e572c8594a3640
SHA1

a79f522f3ef9ef38366538113812bc4293ef4cf5
SHA256

b5a8950dac11d7f004a90ce4cf618c483bc7410968138bce1ee2955ee6767ae8
SHA512

6e9f30c6bfbdd6566eea7944207dc9de6f52fd90984fc51851fce0ba18932640d6a042632131e708aa81eb0fed62d2d5736aaaedb508da9f51a2ec122eb96428
SSDEEP

1536:1gh/8hawFRFvmOMub9Id0FqHT9uaKJrs9WZ/uK5xOAJg2svVfpu:1gh/8hPHMkqdWuW/5xOug2svVfp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04a65085e5ff3029a7e572c8594a3640_JaffaCakes118

Files

04a65085e5ff3029a7e572c8594a3640_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a40a8225225ebaee101016c7dcb3057e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetGetConnectionA

kernel32

GetCommandLineA
GetSystemDirectoryA
CreateMutexA
GetModuleFileNameA
ExitThread
CreateProcessA
DeleteAtom
GetAtomNameA
HeapAlloc
IsDBCSLeadByte
AddAtomA
InitializeCriticalSection
LocalFree
LocalAlloc
lstrlenA
DeviceIoControl
CreateFileA
GetLastError
CloseHandle
FindResourceA
LoadResource
LockResource
SystemTimeToFileTime
GetComputerNameA
GetLocalTime
GetLocaleInfoA
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpyA
GetTimeFormatA
IsBadReadPtr
HeapFree
lstrcatA
GetProcessHeap
FreeLibrary
LoadLibraryA
GetProcAddress
lstrcmpA
OpenMutexA
ReleaseMutex
EnterCriticalSection
GetACP
Sleep
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
CreateThread
GetOEMCP
WideCharToMultiByte
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetCPInfo
FreeEnvironmentStringsA
UnhandledExceptionFilter
MultiByteToWideChar
TerminateProcess
ExitProcess
GetCurrentProcess
VirtualFree
GetStartupInfoA
GetModuleHandleA
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
GetVersion
RtlUnwind
WriteFile
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualAlloc

user32

SetFocus
EnumWindows
PostMessageA
IsWindowVisible
GetClassNameA
GetWindowTextA
LoadMenuA
CreateWindowExA
SetWindowLongA
SetWindowTextA
DestroyWindow
LoadCursorA
GetSysColorBrush
RegisterClassExA
FindWindowA
GetMessageA
TranslateMessage
GetWindowRect
CharPrevA
GetSystemMetrics
GetSysColor
InvalidateRect
SetForegroundWindow
SetTimer
MessageBoxA
SetWindowPos
WinHelpA
CreatePopupMenu
TrackPopupMenuEx
CharNextA
LoadImageA
DestroyMenu
SetActiveWindow
LoadAcceleratorsA
TranslateAcceleratorA
GetDlgItem
GetDlgCtrlID
ChildWindowFromPoint
CheckRadioButton
SendMessageA
IsDlgButtonChecked
EnableWindow
CheckDlgButton
EndDialog
ShowWindow
GetMenuStringA
LoadStringA
wsprintfA
KillTimer
EnableMenuItem
GetMenu
SetDlgItemTextA
DialogBoxParamA
GetCursorPos
DrawIconEx
FillRect
IsIconic
AppendMenuA
PostQuitMessage
GetSystemMenu
EndPaint
BeginPaint
DefWindowProcA
UpdateWindow
ScreenToClient
DispatchMessageA
GetWindowLongA
GetClientRect
DrawTextA

gdi32

GetStockObject
SelectObject
CreatePen
MoveToEx
DeleteObject
DeleteDC
CreatePalette
BitBlt
SetMapMode
CreateDIBitmap
RealizePalette
SelectPalette
GetMapMode
CreateCompatibleBitmap
PatBlt
CreateCompatibleDC
GetTextMetricsA
SetTextColor
CreateSolidBrush
CreateFontIndirectA
SelectClipRgn
SetBkMode
SetBkColor
CreateRectRgn
LineTo

winspool.drv

EnumPrintersA
GetJobA
SetJobA
EnumJobsA
GetPrinterA
OpenPrinterA
GetPrinterDriverA
ClosePrinter
SetPrinterDataA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegEnumValueA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

Shell_NotifyIconA

imm32

ImmAssociateContext

winmm

PlaySoundA
waveOutGetNumDevs

comctl32

ord6
ord17

Sections

.tex FMX
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a40a8225225ebaee101016c7dcb3057e

Headers

File Characteristics

Imports

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

imm32

winmm

comctl32

Sections

.tex FMX Size: 56KB - Virtual size: 55KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 11KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 34KB - Virtual size: 40KB

.tex FMX
Size: 56KB - Virtual size: 55KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 11KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 34KB - Virtual size: 40KB