102acc206bfd8e02539fe06e90798d40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

102acc206bfd8e02539fe06e90798d40_JaffaCakes118
Size

182KB
MD5

102acc206bfd8e02539fe06e90798d40
SHA1

da19a0bbf0c44d9639bff4f78012bde15718c342
SHA256

71faf2d3052767e8acb5d49c43a08e9e4df7343e16550f3e7b3f18bcef38a9ee
SHA512

366edd471102ce7439706eb7170041ddbaf18e961c14420922f2b0cebf860fe527ee66df1ebd8415ddf40b85285e4c61f3cd334fc954211141cab9df7b626d0a
SSDEEP

3072:Hv6hrqu2ISQB/KnunLz6uh+gZMd9M+W6FdefHAHdwkiiXDJNDbT5qj:CRDzRGuhyDFyHAHd1lDJNDbwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
102acc206bfd8e02539fe06e90798d40_JaffaCakes118

Files

102acc206bfd8e02539fe06e90798d40_JaffaCakes118
.dll windows:4 windows x86 arch:x86

646cb43e0f0a4923f61d9989bb374b04

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Europe\WARRANTIES\Rights\Contact\From\Middle.pdb

Imports

kernel32

IsValidCodePage
lstrcmpiW
LocalUnlock
LocalLock
UnhandledExceptionFilter
LocalFree
LeaveCriticalSection
CreateEventA
WaitForSingleObject
EnterCriticalSection
InitializeCriticalSection
GetFileSize
lstrcpynA
MapViewOfFile
lstrcatA
CreateFileA
lstrcmpA
FreeLibrary
GetLastError
GlobalFree
GlobalLock
GetACP
SizeofResource
FreeResource
LockResource
LoadResource
GetTempPathA
DeleteFileA
Sleep
GlobalUnlock
DeleteCriticalSection
GlobalReAlloc
MultiByteToWideChar
HeapAlloc
HeapReAlloc
HeapDestroy
lstrlenA
QueryPerformanceCounter
GetModuleHandleA
IsBadWritePtr
IsBadReadPtr
GetConsoleTitleW
GetCurrentProcessId
GetModuleFileNameW
GetEnvironmentVariableW
DisableThreadLibraryCalls
lstrlenW
GetLocaleInfoW
ReadFile
lstrcpynW

user32

FillRect
CallWindowProcW
MapWindowPoints
EndPaint
GetClientRect
SetScrollInfo
MoveWindow
SetClassLongW
GetKeyState
ScrollWindowEx
SetScrollPos
DefWindowProcW
GetNextDlgTabItem
GetParent
SetForegroundWindow
KillTimer
GetDlgItem
SetTimer
SetWindowLongW
IsWindowVisible
RedrawWindow
UpdateWindow
InvalidateRect
CopyIcon
EnableWindow
UnregisterClassW
GetSysColor
GetSystemMetrics
ClientToScreen
ReleaseDC
wsprintfA
SetWindowPos
GetWindowTextLengthA
AnyPopup
GetActiveWindow
CreateIconFromResourceEx
CopyImage
DrawTextW
ActivateKeyboardLayout
GetWindowTextLengthW
SetRect

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyW

ole32

CoInitialize

msvcrt

realloc
wcscmp
wcsstr
wcsrchr
exit
sprintf
free
sscanf
rand
getenv
malloc
memmove
qsort
getc
isdigit
isspace
srand
time

Exports

Exports

EstateWarrantyOf
ExclusionFor

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 383B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bss
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

646cb43e0f0a4923f61d9989bb374b04

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

msvcrt

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.xdata Size: 4KB - Virtual size: 383B

bss Size: 4KB - Virtual size: 200B

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 32KB - Virtual size: 217KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 32KB - Virtual size: 28KB

.xdata
Size: 4KB - Virtual size: 383B

bss
Size: 4KB - Virtual size: 200B

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 32KB - Virtual size: 217KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 1KB