0a94db20f6aee474982a7d16d8f6eec5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0a94db20f6aee474982a7d16d8f6eec5_JaffaCakes118
Size

89KB
MD5

0a94db20f6aee474982a7d16d8f6eec5
SHA1

8ed0d11942d99d0f198104785329f90786cd73db
SHA256

5a261d08e67bc63b200e7fb41bdd106629a2217a709dfa36bb085c0e56f4a9e1
SHA512

4a3840e95e972964980a1915b72c335a7ef4fab0060d6ec3d96be66ac6bc476fd14ae61660db048f775a9c68ce10f6b73c8678047e6b3adca8df31b369e95220
SSDEEP

1536:50CvPQS4AUB7+WppNXl+OrBmodw90qQzBK+czRflYIbPGVbtbxXtr+q:tvPmA6BbN7NmhDMbQJ/buVbZr3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a94db20f6aee474982a7d16d8f6eec5_JaffaCakes118

Files

0a94db20f6aee474982a7d16d8f6eec5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fb1f51281d5936067155a977d9851f28

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnprintf

shlwapi

StrDupA
ord29
StrCmpW

shell32

SHBindToParent
SHCreateShellItem
ord165

ws2_32

WSAStartup
WSAGetLastError
setsockopt
WSACleanup
WSASetLastError

kernel32

ExpandEnvironmentStringsA
SetFileTime
MulDiv
GetProcAddress
VirtualProtectEx
GetLocalTime
LoadLibraryA
lstrcpyA
GetFileSize
SetCriticalSectionSpinCount
GlobalMemoryStatus
TryEnterCriticalSection
FindResourceW
GetModuleHandleW
LoadResource
SystemTimeToFileTime
GlobalSize
GetProcessHeap
HeapDestroy
GetFileAttributesW
GetProcessHeaps
GlobalFree
FindClose
DeleteCriticalSection
CloseHandle
GetVersion
GlobalAddAtomW
LocalFree
GlobalReAlloc
SetFileAttributesW
SetEnvironmentVariableW
FindResourceExA
GetCurrentProcess
WaitForMultipleObjects
GetFileInformationByHandle
FreeLibrary

user32

GetClassLongW
BeginPaint
GetWindowTextLengthA
FindWindowExA
IsWindowEnabled
GetLastActivePopup
GetMessageExtraInfo
SetWindowRgn
EndPaint
MoveWindow
IsCharAlphaNumericA
SetClipboardData
UpdateWindow
SetCaretPos
DrawTextExA
DestroyCursor
ChangeClipboardChain
GetWindowPlacement
GetDC
CreateIconIndirect
ShowCaret
RedrawWindow
LoadAcceleratorsA
CreateWindowExW
IsWindowVisible
SwitchToThisWindow
CallWindowProcW
DispatchMessageW
GetClassWord
TranslateMessage
LockWindowUpdate
ScrollDC
PeekMessageA
MessageBoxW
TranslateAcceleratorA
GetMessagePos
GetWindowLongW

gdi32

GetObjectW
CreateCompatibleDC
GetTextMetricsW
DescribePixelFormat
LPtoDP
GetDCPenColor
GetCharWidthA
Chord
DeleteObject
UnrealizeObject
GetDeviceCaps
RestoreDC
GetPixel
SetTextJustification

advapi32

CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
SetThreadToken
OpenThreadToken
SetTokenInformation

Exports

Exports

_FindDataByInfo@8
_FindDataInApp@4
_FindKeyByString@8
_FindKeyValues@12
_GetKeyInfo@20

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb1f51281d5936067155a977d9851f28

Headers

File Characteristics

Imports

ntdll

shlwapi

shell32

ws2_32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 11KB

.code Size: 1024B - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 614B

.text
Size: 12KB - Virtual size: 11KB

.code
Size: 1024B - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 614B