16ff16b20c1469eef77533d2e6e868d3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16ff16b20c1469eef77533d2e6e868d3_JaffaCakes118
Size

327KB
MD5

16ff16b20c1469eef77533d2e6e868d3
SHA1

76d0226ef560e1c551cf3c926d6ddda1d97cb568
SHA256

7988749b8489ddc8892a5907fc0562e10788463a93036d27abe780b19ea71ffa
SHA512

1312dce5b01158e764b5f20b3501f0adbca168331bae474e21cbc793b8fe6890d80ab684ef13030bdf906d777f58a3138793ed9552f01dd74c7e5e0ec3692e8f
SSDEEP

6144:6Kswm0JVJ7giEhkEtIxl7EJS8tk3A9sLpxJ4sI4dE+V4C8eiRgOR5edP6h0uS:6K5m0JVhjAIxl7EJS8u3A9sLmsiCsX5L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ff16b20c1469eef77533d2e6e868d3_JaffaCakes118

Files

16ff16b20c1469eef77533d2e6e868d3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a387f6da00e3c42a10bb7c556e9c19f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\qx

Imports

user32

CreateWindowExA
GetWindowRgn
AppendMenuW
DestroyWindow
RegisterClassExA
DdeClientTransaction
ShowWindow
RegisterClassA
DefWindowProcA
MessageBoxW

kernel32

TlsFree
MultiByteToWideChar
CloseHandle
GetStdHandle
GetProcAddress
GetModuleFileNameW
HeapFree
LoadLibraryA
CompareStringA
ReadFile
UnhandledExceptionFilter
GetTimeFormatA
GetLocaleInfoA
EnumSystemLocalesA
TlsGetValue
WideCharToMultiByte
HeapReAlloc
IsValidCodePage
GetStartupInfoW
GetACP
HeapDestroy
GetCurrentThreadId
TerminateProcess
SetStdHandle
GetVersionExA
EnterCriticalSection
GetCurrentThread
VirtualFree
GetTimeZoneInformation
SetFilePointer
TlsAlloc
GetLocaleInfoW
HeapSize
IsValidLocale
HeapCreate
HeapAlloc
GetModuleFileNameA
GetCPInfo
VirtualProtect
GetEnvironmentStrings
IsBadWritePtr
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStringsW
CreateMutexA
SetEnvironmentVariableA
GetCommandLineW
LCMapStringA
CompareStringW
VirtualQuery
GetStartupInfoA
TlsSetValue
LeaveCriticalSection
LCMapStringW
GetTickCount
GetStringTypeA
SetLastError
GetCurrentProcess
GetStringTypeW
GetSystemInfo
GetUserDefaultLCID
SetHandleCount
GetLastError
WriteFile
GetDateFormatA
ExitProcess
DeleteCriticalSection
OpenMutexA
FreeEnvironmentStringsW
InitializeCriticalSection
GetThreadPriority
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCommandLineA
GetOEMCP
InterlockedExchange
GetModuleHandleA
GetFileType
RtlUnwind
VirtualAlloc
GetCurrentProcessId

comctl32

DrawStatusTextA
CreateStatusWindowA
InitCommonControlsEx

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a387f6da00e3c42a10bb7c556e9c19f6

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 82KB - Virtual size: 107KB

.data Size: 92KB - Virtual size: 92KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 82KB - Virtual size: 107KB

.data
Size: 92KB - Virtual size: 92KB

.rsrc
Size: 14KB - Virtual size: 14KB