0adc244286a786b15c1d22c1f471a7d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0adc244286a786b15c1d22c1f471a7d8_JaffaCakes118
Size

142KB
MD5

0adc244286a786b15c1d22c1f471a7d8
SHA1

4d312f73314aef54d9798648eb84793421016787
SHA256

b1ff0786a42eb22444336eb96b2e5b5388be6f68d6567fbc735a85209e5f970d
SHA512

56c7cebf30cdd431dcd277896d38bab11d1a2635d2214434856b92a4a5388776ba58173bea5e30c9dcc603194db4949ad6dacac2ae06191ee3c0c0132b69151e
SSDEEP

3072:nd8tDuzGsptjF5JlNSplIYz5SGR2kIQ7g2i0lG/Gnc:nd8tuGctjFPlN6IxL2iCG/G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0adc244286a786b15c1d22c1f471a7d8_JaffaCakes118

Files

0adc244286a786b15c1d22c1f471a7d8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e4d6bb9f902b1c94dca329422a382e2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCurrentDirectoryA
GetSystemWindowsDirectoryW
TerminateProcess
WritePrivateProfileSectionW
GetModuleHandleA
FormatMessageA
VirtualProtect
CreateMutexA
SetCurrentDirectoryW
VirtualAlloc
ReadFile
LoadLibraryW
VirtualFree
SetConsoleMode
LockResource
ExitThread
WritePrivateProfileSectionA
OutputDebugStringA
TlsGetValue
GetNumberFormatW
GetExitCodeProcess
SetFileTime
TlsAlloc
SetFilePointer
LeaveCriticalSection
GetStringTypeA
GetProcAddress
ResetEvent

msvcrt

memset
__winitenv
strerror
__set_app_type

user32

IsWindow
wsprintfA
CallWindowProcW
LoadCursorW
DrawEdge
CreateWindowExA
CopyRect
GetForegroundWindow
DispatchMessageW
GetClipboardData

gdi32

LineTo
GetRegionData
CreateSolidBrush
GetTextExtentPoint32W
GetTextMetricsW
CreateBitmap
SetStretchBltMode
DeleteDC
DeleteObject
StretchBlt
GetStockObject
SelectPalette
SetBkMode
CreateCompatibleBitmap
CreateRoundRectRgn
TextOutW
SetTextColor
BitBlt
ExtTextOutW

tapi32

lineGetCallInfoA
lineAgentSpecific
lineMakeCallW
lineGetAddressCaps
tapiGetLocationInfoW

Exports

Exports

FfdYpvvdxuJgkqeuxJfqxQx
DrrOzvb
StquAiehPztqgumUg

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4d6bb9f902b1c94dca329422a382e2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

tapi32

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 51KB - Virtual size: 51KB

.CRT Size: 39KB - Virtual size: 38KB

.rsrc Size: 34KB - Virtual size: 33KB

.reloc Size: 512B - Virtual size: 136B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 51KB - Virtual size: 51KB

.CRT
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 34KB - Virtual size: 33KB

.reloc
Size: 512B - Virtual size: 136B