0e8b2256a4ae7b3b87d9c909e6ef17b2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e8b2256a4ae7b3b87d9c909e6ef17b2_JaffaCakes118
Size

348KB
MD5

0e8b2256a4ae7b3b87d9c909e6ef17b2
SHA1

8a2b0e9bf571a8a4f439e548a29dfd0576c6e1ff
SHA256

bfd036c08bb16e260f02c8c946408296e0a387610c095db6f5975ef350458f35
SHA512

077538b087caa8e737fffeecf45e566acc342b2edd626559543e5b954e65c367c3a197272745aa1a4628313931666eff5367e04fb61603859af58cb4ded88c9e
SSDEEP

6144:1cpPos6Xgqvy2X+O+QC5vEAt+l93N2EYOVEEytZQ5xdwpfAXI94MwGVpoaP:mas6X3v2/hNnUNCOVEntZCxdOf2I94MB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e8b2256a4ae7b3b87d9c909e6ef17b2_JaffaCakes118

Files

0e8b2256a4ae7b3b87d9c909e6ef17b2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8a97906edce2faba3a0c71c7605b087

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowRect
IsDialogMessageA
GetDlgItemTextA
EnumChildWindows
EndDeferWindowPos
TileWindows
GetWindowTextA
ChildWindowFromPointEx
SetForegroundWindow
MoveWindow
BeginDeferWindowPos
OpenClipboard
OpenIcon
ShowWindow

gdi32

GdiSetBatchLimit
FloodFill
EnumObjects
Escape
EndDoc
CopyMetaFileW
CreateSolidBrush
AbortDoc
GdiComment
CombineTransform

advapi32

AccessCheck
RegQueryValueExA
RegQueryValueA
RegReplaceKeyA
RegNotifyChangeKeyValue
RegisterEventSourceA
GetOldestEventLogRecord
RegFlushKey
RegQueryMultipleValuesA

kernel32

OpenEventA
PulseEvent
GlobalMemoryStatus
HeapSize
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStructA
GetStartupInfoA
GetProcAddress
GetEnvironmentVariableA
VirtualAllocEx
GetModuleHandleA
GetProfileIntA
OpenSemaphoreA
MultiByteToWideChar
GetCPInfoExA
SetEvent
GetThreadLocale
GlobalHandle
GetStringTypeA

winspool.drv

EnumPrintersA
DeletePrinter
DeletePrinterDriverExW
DeleteFormA
AddPrinterDriverA
DeletePrinterDriverW
AddPrintProcessorW
AddPrinterA
DeletePrinterKeyA
AddPrinterConnectionA
AddJobA
AddPrinterW

netapi32

NetFileClose
NetServerSetInfo
NetFileGetInfo
NetFileEnum
Netbios
NetConfigGetAll
NetGetAnyDCName
NetAuditClear
NetGroupAddUser
NetErrorLogClear
NetAuditRead
NetGetJoinableOUs

msvcrt

__setusermatherr
exit
_XcptFilter
_exit
__mb_cur_max
_isctype
_pctype
__getmainargs
_initterm
_acmdln
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bqh
Size: 319KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a97906edce2faba3a0c71c7605b087

Headers

File Characteristics

Imports

user32

gdi32

advapi32

kernel32

winspool.drv

netapi32

msvcrt

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 103KB

.bqh Size: 319KB - Virtual size: 318KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 103KB

.bqh
Size: 319KB - Virtual size: 318KB

.rsrc
Size: 4KB - Virtual size: 4KB