29d4e5ebd3a739246d67416c0c4893b2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29d4e5ebd3a739246d67416c0c4893b2_JaffaCakes118
Size

88KB
MD5

29d4e5ebd3a739246d67416c0c4893b2
SHA1

026609761fc6dae087c36a4bdf03aa0952244926
SHA256

b4d505536e9d9a96446dec7cb39c9e281eb64e253e42356951a69d6e9b490659
SHA512

14e176dbc74551ff9638227f66227a2bc805dc1b2d4d0baec78233911bafab4eaa8381eefc0418960ef47d2adc57137298161dc0e04183d08f053caa22e9ed61
SSDEEP

1536:lkjhrpwrXap9zGPCBs75Qte9Y5PEv0/3WN:lki+96PVtQKYBk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d4e5ebd3a739246d67416c0c4893b2_JaffaCakes118

Files

29d4e5ebd3a739246d67416c0c4893b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4cabc77f2d3c16b3f0e3dff3f9d7bac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedExchange
lstrlenW
GlobalUnlock
GlobalFree
lstrcmpiW
LocalAlloc
LocalFree
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentProcess
SetFilePointer
ReadFile
DeleteFileW
CloseHandle
WriteFile
GetTempPathW
GetTempFileNameW
CreateFileW
FormatMessageA
MultiByteToWideChar
lstrlenA
GetFileAttributesExA
WaitForMultipleObjects
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileSectionW
GetCommandLineW
SetErrorMode
ExpandEnvironmentStringsW
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
lstrcmpW
VirtualProtect
Sleep
GetCommandLineA

user32

FillRect
SendMessageW
PtInRect
SetRect
CharNextW
LoadCursorW
LoadStringW
SetCursor
ScreenToClient
ClientToScreen
GetSysColor
GetFocus
InvalidateRect
ReleaseDC

advapi32

RegEnumValueW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

gdi32

CreateBitmap
GetDeviceCaps
SelectObject
CreateHatchBrush

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize

msvcrt

_cexit
_ismbblead
exit
_acmdln
_adjust_fdiv
free
memset
_stricmp
rand
_CxxThrowException
malloc
memmove
_amsg_exit
_initterm
_ftol
_except_handler3
memcpy

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cabc77f2d3c16b3f0e3dff3f9d7bac1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 35KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 35KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB