093ef611d67c7134681206b4a968658b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

093ef611d67c7134681206b4a968658b_JaffaCakes118
Size

132KB
MD5

093ef611d67c7134681206b4a968658b
SHA1

79b0a34c47655c73c3f5a600f6a8c8989f256977
SHA256

14e99edde5d510031f0c9aa39687b5f8226611364bf376acf70f3ceaa14195f0
SHA512

c809131abf198861b62c204196a71f38c6854d1b537622498894d1002944466d3af6310d8b2ca049791e1360a92f89a01a48aef066c6b178a0874bb84ed3862c
SSDEEP

3072:j8iJm55vV2Z87Zlj0hzCtg23Fa0AoetnZ:C55t2Z87nkSg23A0A1R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
093ef611d67c7134681206b4a968658b_JaffaCakes118

Files

093ef611d67c7134681206b4a968658b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db53dd411208e4dd6f83e16ed4fd1b6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
InterlockedIncrement
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
CreateThread
Sleep
WaitForMultipleObjects
lstrlenW
LoadLibraryA
CreateMutexA
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
ExitProcess
GetStartupInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CompareFileTime
GetProcAddress
InterlockedDecrement
HeapReAlloc
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
HeapSize
GetCurrentProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
RtlUnwind
TerminateProcess
IsBadWritePtr
LocalFree
VirtualFree

user32

EnumDisplaySettingsA
PostThreadMessageA
CharNextA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
PostMessageA
SendNotifyMessageA
FindWindowA
KillTimer
DefWindowProcA
RegisterClassA
CreateWindowExA
GetMessageA
DispatchMessageA
SetTimer
PostQuitMessage
RegisterWindowMessageA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA

ole32

CoRevokeClassObject
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFindExtensionA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db53dd411208e4dd6f83e16ed4fd1b6f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 56KB - Virtual size: 55KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 4KB - Virtual size: 2KB