10da20ffa840f43aaf5a5b06cdd663d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10da20ffa840f43aaf5a5b06cdd663d8_JaffaCakes118
Size

40KB
MD5

10da20ffa840f43aaf5a5b06cdd663d8
SHA1

62b0d1358a9ced0dbea16c4fbd9841ace6280065
SHA256

dcfd3a212f9656bb1bb54a39afb3e3f26584dbecac1e094ddb2fc23dc8df767a
SHA512

838777b2e6f5716d925285191cdbd8ab7f60f4476c78e0392397166438177df3bc8d34cc7710d1beb229587aaf0bfa576bea4f64143187bdf2c6b03bd9e0e733
SSDEEP

768:RG8uvd7CF1qeH/Cl+vemobnEaJ6bJ4XMiXWotCGi:1+d7Uq4/wgtgD6bJ4XM0WotC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10da20ffa840f43aaf5a5b06cdd663d8_JaffaCakes118

Files

10da20ffa840f43aaf5a5b06cdd663d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b6f769024b3183758903ea39f7cf4bc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowA
DdeUninitialize
DdeClientTransaction
GetPropA
SetPropA
GetWindow
GetWindowThreadProcessId
DdeQueryNextServer
DdeConnectList
LoadStringA
GetClassNameA
GetDesktopWindow
DdeInitializeA
DdeFreeStringHandle
DdeCreateStringHandleA
DdeDisconnectList
wvsprintfA
CharNextA
GetLastActivePopup
SetForegroundWindow
wsprintfA
GetDlgItem
DispatchMessageA
PeekMessageA
SendDlgItemMessageA
GetClientRect
DestroyWindow
CreateDialogParamA
SetDlgItemTextA
GetSystemMenu
EnableMenuItem
LoadCursorA
SetCursor
GetDC
ReleaseDC
GetSystemMetrics
SystemParametersInfoA
MessageBoxA

kernel32

GlobalLock
LocalFree
OpenFile
Sleep
ord18
GlobalAlloc
GetPrivateProfileSectionA
GlobalFree
FindFirstFileA
FindClose
CreateFileA
WriteFile
lstrcatA
GetModuleFileNameA
GetPrivateProfileIntA
lstrlenA
DeleteFileA
SetFileAttributesA
GetLastError
MoveFileA
CloseHandle
lstrcpyA
LocalAlloc
lstrcpynA
GetDriveTypeA
MulDiv
WritePrivateProfileStringA
lstrcmpiA
WinExec
GetWindowsDirectoryA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
_llseek
_lread
_lclose
_lopen
GetPrivateProfileStringA
lstrcmpA

gdi32

GetTextExtentPointA
GetTextExtentExPointA
GetDeviceCaps

shell32

ord34
ord49
ord162
ord164
ord64
ord35
ord94
SHAddToRecentDocs
ord23
ord96
SHGetSpecialFolderLocation
ord196
ord195
ShellExecuteExA
ord51
ord157
ord37
ord58
ord119
ord36
ord29
ord175
ord155
ord163
ord45
ord171
SHGetPathFromIDListA
ord25
ord128
ord33
ord57
ord31
ord89
ord63
ord32
ord52
ord165
ord79

comctl32

ord324
ord321
ord233
ord234
ord73
ord323
ord326
ord320
ord17
ord357

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegSetValueA
RegCreateKeyA
RegQueryValueA
RegEnumValueA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b6f769024b3183758903ea39f7cf4bc4

Headers

File Characteristics

Imports

user32

kernel32

gdi32

shell32

comctl32

advapi32

version

Sections

.text Size: 18KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 292B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 18KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 292B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 12KB