30a9948292ef8f85f5b0b1fa9691e3e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30a9948292ef8f85f5b0b1fa9691e3e5_JaffaCakes118
Size

183KB
MD5

30a9948292ef8f85f5b0b1fa9691e3e5
SHA1

9d88b6fee9bb8472c8fbe85ad33525d588ab98f0
SHA256

ef6fa6c4e7be0903bf67bd7f0610a4ad687dd977fe46b00018e7fdad888fe096
SHA512

f394fa963804737b319dc3dbe91f0ef2e3a65fddfb33af23c52e553a6339fd135f59b389f44f4d5b7b231b26f83257ae946f40aa9c47cba55e2a35509f8c4e62
SSDEEP

3072:yJllHO1zWBsipfC2SwUEkP8zaS95j7seOdplv4slwfMZA1S:e4WBsearhEkUN95Me0plv5lwfi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30a9948292ef8f85f5b0b1fa9691e3e5_JaffaCakes118

Files

30a9948292ef8f85f5b0b1fa9691e3e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6979c2ae464c5cbadfc9b5f1f29521aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetLengthSid
RegEnumKeyExA
RegCreateKeyA
RegQueryValueExA

kernel32

IsBadHugeReadPtr
ExitProcess
GetCommandLineA
GetCommandLineW
VirtualAlloc
GetProcAddress
LoadLibraryA
GetOEMCP
GetModuleHandleA
lstrlenW
ExitThread
GetLastError

user32

OemToCharA
ScrollWindow
PeekMessageW
MessageBeep
ScreenToClient
SetActiveWindow
LoadCursorA
MessageBoxA
LoadBitmapA
LoadIconA
PostQuitMessage
RedrawWindow
LoadStringA
RegisterClassA
LoadKeyboardLayoutA
OpenClipboard
OffsetRect
SendMessageW
MapVirtualKeyA
PostMessageA
ReleaseDC
RegisterWindowMessageA
RemovePropA
ReleaseCapture
SendMessageA
PeekMessageA
MapWindowPoints
PtInRect
RegisterClipboardFormatA
RemoveMenu

oleaut32

SysReAllocStringLen
SafeArrayGetElement
SafeArrayGetUBound
VariantCopyInd
SafeArrayCreate
SysFreeString
RegisterTypeLib
SysStringLen

ole32

PropVariantClear
CLSIDFromProgID
CreateBindCtx
CoDisconnectObject

version

VerInstallFileA

Sections

CODE
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 1024B - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 1024B - Virtual size: 661B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6979c2ae464c5cbadfc9b5f1f29521aa

Headers

File Characteristics

Imports

advapi32

kernel32

user32

oleaut32

ole32

version

Sections

CODE Size: 53KB - Virtual size: 52KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 116KB - Virtual size: 116KB

.adata Size: 1024B - Virtual size: 76KB

DATA Size: 7KB - Virtual size: 6KB

.cdata Size: 1024B - Virtual size: 661B

.rsrc Size: 1024B - Virtual size: 836B

CODE
Size: 53KB - Virtual size: 52KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 116KB - Virtual size: 116KB

.adata
Size: 1024B - Virtual size: 76KB

DATA
Size: 7KB - Virtual size: 6KB

.cdata
Size: 1024B - Virtual size: 661B

.rsrc
Size: 1024B - Virtual size: 836B