376d3742a5977abb5ca770f2a5101025_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

376d3742a5977abb5ca770f2a5101025_JaffaCakes118
Size

123KB
MD5

376d3742a5977abb5ca770f2a5101025
SHA1

3d5588d3812e58867bfa36007d62fcddf41dfb6a
SHA256

b802e13fc87b552a1600ca111d997fa85be6c93d8f2098a4f631c0a49e0298e4
SHA512

6213cb5bcac668df0c7d5c57939ef4f96d26ef51996af5b29e40fb2dbb3780d777fdde360a8fa77734db6966016ae2385f274dd3a1e330385689d0a572c20d0f
SSDEEP

3072:X0IEuaScc3HIO8iklPp7To2umexfQSZ7Z2ZXbh132di:x3HIxiklx7TSTExhtqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
376d3742a5977abb5ca770f2a5101025_JaffaCakes118

Files

376d3742a5977abb5ca770f2a5101025_JaffaCakes118
.exe windows:5 windows x86 arch:x86

478b83ac4ca0689e556d676d8da47396

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowTextA
CreateWindowExA
SendDlgItemMessageA
GetDlgItemTextA
ShowWindow

advapi32

RegQueryValueExA
RegCloseKey
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyExA

kernel32

LoadLibraryA
OpenEventA
SetFileAttributesA
GetStdHandle
WriteFile
TlsGetValue
SetLastError
lstrcpyA
GetOEMCP
lstrlenA
SetThreadPriorityBoost
GlobalFree
ExitThread
TlsAlloc
GetCommandLineA
RtlUnwind
TerminateProcess
MapViewOfFile
LeaveCriticalSection
CreateEventA
EnterCriticalSection
FreeLibrary
CreateFileA
IsBadCodePtr
GlobalAlloc
DeleteCriticalSection
SetupComm
SetFilePointer
SetStdHandle
WideCharToMultiByte
LCMapStringW
Sleep
LCMapStringA
HeapAlloc
InterlockedDecrement
GetModuleFileNameA
GetACP
GetProcAddress
HeapDestroy
CloseHandle
ExitProcess
VirtualAlloc
SetHandleCount
UnmapViewOfFile
VirtualFree
HeapCreate
InterlockedIncrement
GetFileType
GetTickCount
IsBadWritePtr
IsBadReadPtr
GetCurrentProcess
GetStringTypeW
TlsSetValue
GetModuleHandleA
GetVersion
OpenFileMappingA
GetCPInfo
HeapReAlloc
GetStartupInfoA
FlushFileBuffers
CreateFileMappingA
CreateThread
GetCurrentProcessId
UnhandledExceptionFilter
PulseEvent
HeapFree
LoadLibraryExA
FlushFileBuffers
DeleteFileA
GetStringTypeA
InitializeCriticalSection
GetLastError
GetCurrentThreadId
MultiByteToWideChar
GetPrivateProfileSectionA
WriteProfileStringW
DeleteAtom
GetCurrentDirectoryA
FatalAppExitA
GetShortPathNameA
GetWindowsDirectoryW
GetFullPathNameA
MoveFileA
IsValidCodePage
GetVersion
SetVolumeMountPointW

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text1
Size: 151KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

478b83ac4ca0689e556d676d8da47396

Headers

File Characteristics

Imports

user32

advapi32

kernel32

version

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 111KB

.rsrc Size: 3KB - Virtual size: 3KB

.text1 Size: 151KB - Virtual size: 271KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 111KB

.rsrc
Size: 3KB - Virtual size: 3KB

.text1
Size: 151KB - Virtual size: 271KB