0fd20dc8de7dc8ca5b7d1b4132cb3315_JaffaCakes118

General

Target

0fd20dc8de7dc8ca5b7d1b4132cb3315_JaffaCakes118
Size

168KB
MD5

0fd20dc8de7dc8ca5b7d1b4132cb3315
SHA1

11a07470523dec8789646e35faf34f4e559c5ac1
SHA256

659b5ebc09294d0f36654063719f62aee06390115183313adb7ab686b9369796
SHA512

5b9e2baf2d63e5b14645c8ce5469ce6f20103f0168a8be8c680637c1df404acc8ed10125dda6844de876e65b45ecabc7752e6e5ea4d9286890f5292ecef2d10d
SSDEEP

3072:XPooLtotUsOSGofV4991dQ+KJvv18hZqWMq:9LZSxYTa+KJvvqh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fd20dc8de7dc8ca5b7d1b4132cb3315_JaffaCakes118

Files

0fd20dc8de7dc8ca5b7d1b4132cb3315_JaffaCakes118
.exe windows:4 windows x86 arch:x86

75d67246a121335a9c0ce9b1d97e5458

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
CopyFileA
GetModuleFileNameA
SizeofResource
LockResource
FreeResource
LoadResource
FindResourceA
GetFileAttributesA
FreeLibrary
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetVersion
GetWindowsDirectoryA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
CreateFileA
SetFilePointer
WinExec
ReleaseMutex
CloseHandle
FlushFileBuffers
SetStdHandle
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
WriteFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetStringTypeW

user32

FindWindowA
KillTimer
PostQuitMessage
SetTimer
BeginPaint
EndPaint
CreateWindowExA
LoadCursorA
RegisterClassExA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75d67246a121335a9c0ce9b1d97e5458

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 132KB - Virtual size: 128KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 132KB - Virtual size: 128KB