068da7611bcb1bc339e0e114e1630a23_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

068da7611bcb1bc339e0e114e1630a23_JaffaCakes118
Size

120KB
MD5

068da7611bcb1bc339e0e114e1630a23
SHA1

40a4493655f41ca893bc0b7790e24e9b2809a623
SHA256

c278c3f39cbf56ab3f4717852f54d45a2d6af8676163e5280aef0fe90b2ed6d9
SHA512

e8f7a4d070bde1067949074897da751719ea35988a2a0d3cf6dbb5612e3d19154fdc9b2223a30568d8734472d34494d0d0afb4d604402f626c92e9b4431d9abe
SSDEEP

3072:/nj12FP1dk0KeUf40knCJXJhJMhpq6SDYHW+kqRJ7:/nCk06oKXJN1DY26p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
068da7611bcb1bc339e0e114e1630a23_JaffaCakes118

Files

068da7611bcb1bc339e0e114e1630a23_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7aca817249ba3aed089bd39affffaabf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadStringW
RegisterClipboardFormatW
KillTimer
SetClassLongW
TranslateAcceleratorW
SetMenu
IsWindowVisible
UnionRect
LoadImageA
ValidateRect
IsChild
GetCursorPos
VkKeyScanW
PtInRect
InsertMenuA
LoadCursorA
IsCharAlphaW
RegisterClassExW
SetScrollPos
LockWindowUpdate
IsZoomed

kernel32

GetProcessHeap
WriteFile
GetProcessTimes

winmm

waveInOpen
waveOutClose
waveInMessage
waveInGetDevCapsW
waveInGetID

gdi32

DeleteObject
DPtoLP
CreateCompatibleBitmap
EnumFontFamiliesA
CombineRgn
GetObjectW
SaveDC
CreatePenIndirect
SetTextAlign
GetDeviceCaps
ExtCreatePen
SetPolyFillMode
CreateCompatibleDC
SetViewportExtEx
GetObjectA
CreateDCW
GetObjectType
GetTextExtentPoint32A
GetStockObject
CreateBitmap
RectVisible
RestoreDC
ExtCreateRegion
SelectClipRgn
Polyline
SetPixelV
Rectangle
CreatePen
Polygon
GdiFlush
TextOutA
OffsetRgn
SetROP2
GetTextAlign
CreateFontW
GetTextColor
EnumFontFamiliesExW
GetNearestPaletteIndex
GetTextExtentPoint32W
GetTextCharsetInfo

advapi32

ChangeServiceConfigW
SetFileSecurityA
RegCreateKeyW
RegSetValueExA
CreateServiceW
RegQueryValueA
RegOpenKeyExA
QueryServiceStatus
SetSecurityDescriptorGroup
ReportEventA
MakeAbsoluteSD
LsaFreeMemory
GetKernelObjectSecurity
GetSidSubAuthorityCount
RegQueryValueW
RegisterServiceCtrlHandlerA
OpenSCManagerA
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
RegCloseKey
GetAce
RegQueryInfoKeyW
CloseServiceHandle
InitializeSecurityDescriptor
RegConnectRegistryA
RegCreateKeyA
OpenSCManagerW
RegCreateKeyExW
RegCreateKeyExA
RegEnumKeyExA
InitiateSystemShutdownA
LookupAccountNameW
RegOpenKeyExW
AdjustTokenPrivileges
SetSecurityDescriptorSacl
AddAce

version

GetFileVersionInfoSizeA
VerQueryValueA

imm32

ImmGetContext
ImmGetIMEFileNameW
ImmReleaseContext
ImmGetOpenStatus
ImmAssociateContext

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7aca817249ba3aed089bd39affffaabf

Headers

File Characteristics

Imports

user32

kernel32

winmm

gdi32

advapi32

version

imm32

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 20KB - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 13KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 20KB - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 13KB