29144b4a727835e7770714d640274ddd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29144b4a727835e7770714d640274ddd_JaffaCakes118
Size

297KB
MD5

29144b4a727835e7770714d640274ddd
SHA1

8105b2222df399e694e68fd434c8ba8582e44475
SHA256

c2e2b4281be578a9d648ca681067cb81267924929585ca879e341b09e4add696
SHA512

456f57fe794ddd241e6087e317e6d6801a300e3c5c203c3cc26cd6bdbb763de69433cdbfdba5fa4dd66f1c363d27c64598944c633f6e8b4c233a760b7b57f5aa
SSDEEP

6144:BMmlhp6ZJJp0+75andqYPcKXIgpER5AaIainvLXaRUShl6:aTpxaIccKXhCR5GainzMbv6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29144b4a727835e7770714d640274ddd_JaffaCakes118

Files

29144b4a727835e7770714d640274ddd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

40e25149a4f3c9e8aa8c2bc4f9d29097

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlUnwind

advapi32

CryptImportKey
CryptSignHashA
CryptGenKey
CryptDestroyHash
CryptVerifySignatureA
RegQueryValueExA
CryptExportKey
RegCloseKey
RegSetValueExA
CryptHashData
CryptDestroyKey
TraceEvent
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptGetHashParam
RegCreateKeyExA
CryptReleaseContext
CryptEncrypt

kernel32

FreeLibrary
SetFilePointer
SystemTimeToFileTime
GetModuleHandleW
CreateFileMappingW
FileTimeToSystemTime
HeapFree
GetSystemDefaultLangID
VirtualProtect
GetCurrentThreadId
LocalFree
DeleteCriticalSection
SetLastError
WaitForSingleObject
DeviceIoControl
GetLocalTime
ReadFile
IsProcessorFeaturePresent
CreateEventW
ResetEvent
LocalAlloc
GlobalMemoryStatus
lstrlenA
GetProcessHeap
FreeEnvironmentStringsA
lstrlenW
CloseHandle
UnhandledExceptionFilter
MapViewOfFile
GetDiskFreeSpaceA
GetFileSize
FreeEnvironmentStringsW
LeaveCriticalSection
WideCharToMultiByte
EnterCriticalSection
UnmapViewOfFile
VirtualFree
SetUnhandledExceptionFilter
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CreateFileW
VirtualAlloc
QueryPerformanceCounter
VirtualAllocEx

msvcrt

_vsnwprintf
_purecall
memcpy
wcsstr
memset
_itow
rand
malloc
_onexit
memmove
_unlock
_lock
_initterm
_amsg_exit
time
free
_XcptFilter
wcsncmp
wcschr
_wcsnicmp
_ui64tow
srand
__dllonexit
_wtoi

rpcrt4

I_RpcMapWin32Status
RpcStringFreeW
UuidFromStringW
UuidToStringW

user32

GetKeyboardLayout
DialogBoxParamA
IsIconic
InvalidateRect
CopyRect
GetFocus
GetWindowRgn
CreateMenu
GetAsyncKeyState
EnumClipboardFormats
OffsetRect
RegisterClassExA
CharPrevW
InsertMenuItemA
SetWindowLongW
CreateDesktopW
GetDlgItemTextW
IsWindow

dpnet

DirectPlay8Create

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 256KB - Virtual size: 13.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40e25149a4f3c9e8aa8c2bc4f9d29097

Headers

File Characteristics

Imports

ntdll

advapi32

kernel32

msvcrt

rpcrt4

user32

dpnet

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 256KB - Virtual size: 13.7MB

.rdata Size: 3KB - Virtual size: 402KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 256KB - Virtual size: 13.7MB

.rdata
Size: 3KB - Virtual size: 402KB

.rsrc
Size: 12KB - Virtual size: 11KB