Static task
static1
Behavioral task
behavioral1
Sample
387e6ea3e243b129eae6694583da87e9_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
387e6ea3e243b129eae6694583da87e9_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
387e6ea3e243b129eae6694583da87e9_JaffaCakes118
Size
469KB
MD5
387e6ea3e243b129eae6694583da87e9
SHA1
4f8eec2a05a8bfc9ac55f2f923d749bfbd1ef0ce
SHA256
1abb30f89b6e71d088b41c86ecf88b339f2eb8f957aebfb2eec04af5fadfdc5e
SHA512
6d883f747e0b66b7190072f0d36be3a5bb70d9152eb48c129ef71e63c61370d1bc6cd2fbf36fe65a4471c107b799f0d0a37375ebf8f1471312360cc8542c3d42
SSDEEP
12288:wA1uUpd9kzbDlVibtfjFdXZ/6zsVaPLOtnnX3MPe56t:7uMuzflibFxf8InnnM2G
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 387e6ea3e243b129eae6694583da87e9_JaffaCakes118
Files
387e6ea3e243b129eae6694583da87e9_JaffaCakes118.exe windows:4 windows x86 arch:x86
d85fde7627bde6c3a719f397f547959d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentVariableW
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
EnterCriticalSection
GlobalUnlock
CreateEventW
WideCharToMultiByte
CreateProcessW
VirtualAlloc
GetFileSize
GetLocaleInfoA
HeapFree
GetSystemTime
CreateFileA
GetStringTypeW
GetCurrentProcess
HeapDestroy
SetHandleCount
CreateThread
CompareStringW
ExpandEnvironmentStringsW
lstrcmpiW
GetStringTypeA
GetCurrentThreadId
HeapAlloc
CreateSemaphoreW
GlobalFree
TryEnterCriticalSection
GetSystemTimeAsFileTime
GetLocalTime
SetEndOfFile
GetProcAddress
GetModuleHandleW
FindClose
FlushInstructionCache
GetACP
lstrlenA
VirtualProtect
GetProcessHeap
LoadLibraryExW
LoadLibraryA
GetStartupInfoA
InterlockedIncrement
MulDiv
GlobalLock
LeaveCriticalSection
lstrcmpA
FreeLibrary
aclui
CreateSecurityPage
advapi32
RegQueryValueExA
CryptCreateHash
DeregisterEventSource
RegCloseKey
CryptAcquireContextW
GetUserNameW
CryptGetHashParam
SetSecurityDescriptorDacl
CryptHashData
RegSetValueExA
RegDeleteValueA
CryptReleaseContext
CryptDestroyHash
DuplicateTokenEx
RegEnumKeyExA
shlwapi
wvnsprintfW
PathMatchSpecW
StrStrW
wnsprintfA
PathFileExistsW
PathFindFileNameW
wnsprintfW
PathRemoveFileSpecW
SHDeleteKeyA
user32
EndPaint
IsWindow
FindWindowExA
DispatchMessageA
GetCursorPos
GetWindowTextA
GetForegroundWindow
InvalidateRect
CharNextA
GetWindow
SetTimer
OpenWindowStationA
SetProcessWindowStation
LoadBitmapA
EndDialog
CloseDesktop
FillRect
TranslateMessage
ToUnicode
LoadCursorA
msvcrt
??1type_info@@UAE@XZ
memset
time
wcschr
wcstoul
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ