1062f474899b9743997db0afbdb99a5b_JaffaCakes118

General

Target

1062f474899b9743997db0afbdb99a5b_JaffaCakes118
Size

158KB
MD5

1062f474899b9743997db0afbdb99a5b
SHA1

1205005e1588d3aa6db7761b257cdaeff4cb3a63
SHA256

c4cdc83ec411fa4604d66c47d5fb3613d9755230495ab2be758546ea247de467
SHA512

8eb9f6d8d6f9929095bf66d9eb1a4f22567059fa9453bac04c2ced85ab586804706f0ac6761048afa8faef11fd55399c3491ca97766c3e53a35e3f4631b4cba9
SSDEEP

3072:D51sYpQ+2Tfv2byApfoBIcETevvdJlI9sz9Kg7WhvDgEuHNkh8s+hkJ:xqFvuvWIevNBB77YgEuHR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1062f474899b9743997db0afbdb99a5b_JaffaCakes118

Files

1062f474899b9743997db0afbdb99a5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3026bcd69202757e957bfe501635c1da

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shlwapi

SHDeleteEmptyKeyA
ord195
UrlHashA
SHDeleteKeyA
PathRemoveBackslashA

ole32

CoCreateInstance
CoInitialize

kernel32

GetVersionExW
GetVersionExA
WideCharToMultiByte
GetCommandLineA
GetModuleHandleA
GetEnvironmentVariableW
SetErrorMode
Sleep
ResetEvent
CreateEventW
GetWindowsDirectoryW
FormatMessageW
GlobalFree
WaitForMultipleObjects
CreateEventA
GetCurrentProcess
GetVolumeInformationA
GetDriveTypeW
VirtualAlloc
VirtualFree
CreateFileW
ReadFile
WriteFile
GetCurrentProcessId
GetModuleFileNameW
GetSystemTime
SystemTimeToFileTime
LocalAlloc
GetFileSize
SearchPathW
CreateSemaphoreW
OpenSemaphoreW
TryEnterCriticalSection
SwitchToThread
ResumeThread
CreateThread
TerminateThread
IsDBCSLeadByteEx
GetStringTypeA
HeapReAlloc
GetStringTypeA
GetCPInfo

user32

MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
MessageBoxW

gdiplus

GdiplusShutdown
GdiplusStartup

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey

shell32

SHGetFolderPathW

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3026bcd69202757e957bfe501635c1da

Headers

File Characteristics

Imports

shlwapi

ole32

kernel32

user32

gdiplus

advapi32

shell32

Sections

.text Size: 134KB - Virtual size: 134KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 278B

.text
Size: 134KB - Virtual size: 134KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 278B