0626c20836e4ca24e004eb1ac068f468_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0626c20836e4ca24e004eb1ac068f468_JaffaCakes118
Size

222KB
MD5

0626c20836e4ca24e004eb1ac068f468
SHA1

f14c701ca534a08dde8cec8c8904edf9218a9803
SHA256

ac961881e3c74e3039deb0376f25a21ef30696ca6bd345fb02600e34e1212d5b
SHA512

f03153616743b72f83b4e3fa09d1bab0bc50175951f43edc2b3c2da6fa0855fb9bb967feb27646a268187efbffa3e4f4b68b760bbde17e2aa1d6acbad9abfd41
SSDEEP

6144:N1h6DfLZX1u/7fPjBeTdA9kp3ot6ftCk47cxpu:N3kfLZc3jBom9k86fL47cxpu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0626c20836e4ca24e004eb1ac068f468_JaffaCakes118

Files

0626c20836e4ca24e004eb1ac068f468_JaffaCakes118
.exe windows:5 windows x86 arch:x86

450dbee833052c107402dcaa7498c33b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
MultiByteToWideChar
LCMapStringW
HeapSize
IsProcessorFeaturePresent
RtlUnwind
Sleep
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
DecodePointer
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
GetCurrentDirectoryA
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetLastError
GetLastError
SetConsoleCursorPosition
HeapCreate
GetCurrentProcess
HeapAlloc
HeapSetInformation
GetCommandLineA
OpenFile
HeapReAlloc

user32

EndPaint
GetWindowRect
SetForegroundWindow
LoadStringA
GetParent
LoadMenuA
GetClientRect
SendMessageA
BeginPaint
GetDC
GetWindowLongA
CreateWindowExA
ReleaseDC
GetDlgItem
EndDialog
DefWindowProcA
ShowWindow
CreatePopupMenu
AppendMenuA
SystemParametersInfoA
IsWindowVisible
UpdateWindow
FindWindowA
LoadCursorA
MoveWindow
InvalidateRect

gdi32

StretchBlt
CreateFontIndirectA
DeleteObject
SelectObject
FillRgn
SetDCPenColor
SetStretchBltMode
CreateRectRgn
Polyline
CreateSolidBrush
TextOutA
GetStockObject

advapi32

LsaFreeMemory

shell32

Shell_NotifyIconA

comctl32

ord17

Sections

.data
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 145KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

450dbee833052c107402dcaa7498c33b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.data Size: 55KB - Virtual size: 55KB

.rdata Size: 9KB - Virtual size: 9KB

.text Size: 145KB - Virtual size: 185KB

.rsrc Size: 11KB - Virtual size: 10KB

.data
Size: 55KB - Virtual size: 55KB

.rdata
Size: 9KB - Virtual size: 9KB

.text
Size: 145KB - Virtual size: 185KB

.rsrc
Size: 11KB - Virtual size: 10KB