1651cb302d6e5597e202986550fc1adc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1651cb302d6e5597e202986550fc1adc_JaffaCakes118
Size

604KB
MD5

1651cb302d6e5597e202986550fc1adc
SHA1

baa5b735f151915a19cf415cb4b03e59197bfac4
SHA256

9dbc595498a1e1d1db34ca07f1f8715043f6a3e25bfbeedae0e9f1108b1fb674
SHA512

6debb72def604bc4c6330d8a1fa72c35495feb6f64e6f4265fa713fcae4104397d24e47c0ea1179b4a4f666f6a98bbe0797abafd0ff7e98936114dad33db831b
SSDEEP

12288:xqzfcZtYP2V8zm6xz4duJTZAbW9tuKc4yxqXr7bFdm5Uf01p8kkoTB:xqzfcZtYP2V8zZz4dMRruKc4wqXjFM5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1651cb302d6e5597e202986550fc1adc_JaffaCakes118

Files

1651cb302d6e5597e202986550fc1adc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

227f2686e22b9003e209699d7763bc62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
free
modf
memmove
_ftol
atoi
_strnicmp
sprintf
strncmp
??3@YAXPAX@Z
strncpy

user32

GetWindowLongA
CallWindowProcA
SetFocus
PostQuitMessage
DefWindowProcA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
CreateWindowExA
IsWindowEnabled
EnableWindow
MapWindowPoints
SetWindowLongA
GetWindowRect
MoveWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
IsWindow
UpdateWindow
ShowWindow
IsWindowVisible
DispatchMessageA
TranslateMessage
GetMessageA
MessageBoxA
SetWindowPos
wsprintfA
PeekMessageA
GetParent
GetWindowThreadProcessId
FindWindowExA
GetSystemMetrics

kernel32

CloseHandle
Process32Next
OpenProcess
VirtualAllocEx
CreateToolhelp32Snapshot
CreateRemoteThread
LoadLibraryA
GetProcAddress
GetModuleHandleA
WriteProcessMemory
HeapFree
LCMapStringA
GetVersionExA
GetFileSize
ReadFile
GetEnvironmentVariableA
GetStartupInfoA
CreateProcessA
CreateFileA
WriteFile
IsBadReadPtr
Process32First
HeapReAlloc
HeapAlloc
ExitProcess
GetProcessHeap
ReadProcessMemory
GetCurrentProcess
lstrcpyn
RtlMoveMemory
GetExitCodeThread
WaitForSingleObject
VirtualFreeEx
DuplicateHandle

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation

shlwapi

PathIsDirectoryA

comctl32

ord17

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 536KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

227f2686e22b9003e209699d7763bc62

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

shell32

shlwapi

comctl32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 536KB - Virtual size: 581KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 536KB - Virtual size: 581KB

.rsrc
Size: 16KB - Virtual size: 14KB