38f78e127173c22de0592c2523342f4e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38f78e127173c22de0592c2523342f4e_JaffaCakes118
Size

120KB
MD5

38f78e127173c22de0592c2523342f4e
SHA1

4a32df37b4705485bfea760e57062b470bcbf964
SHA256

d632e95e317dac1d1e8d06af8011d49ab4cf578bf6cd9691da8983ff2caa74c8
SHA512

4d2ef15322f8f258d1678ba783a9de5c6497041d24fd200f0b2e2de0a074fcc8d091b7bce10206d184bf01f52192211bae5dbca6d364ebdf0973be1f4d81b57d
SSDEEP

1536:VE5ej6LzEeWiPVqbVI4jHRTZr0DB6BkUw221n3Dyd8qTe7iX:qFVN8NHrK6BkUw221n3Dyd84SiX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38f78e127173c22de0592c2523342f4e_JaffaCakes118

Files

38f78e127173c22de0592c2523342f4e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2f97381d6e397bfca19b6a6fa593fb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlFillMemory
LocalFree
GetCurrentProcess
lstrlenA
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
LocalAlloc
IsBadReadPtr
CreateFileA
WriteFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
DeleteFileA
LCMapStringA
RtlMoveMemory
lstrcpyn
LocalSize
GetModuleHandleA
TerminateProcess
Sleep
WideCharToMultiByte
ReadProcessMemory
OpenProcess
Module32Next
Module32First
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
CreateThread

user32

IntersectRect
EqualRect
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
SetWindowRgn
SetWindowPos
MessageBoxA
wsprintfA
SetWindowLongA
DestroyWindow
PostQuitMessage
GetWindowThreadProcessId
PostMessageA
EnumWindows
IsWindow
SetTimer
CreateWindowExA
SetWindowTextA
GetWindowTextLengthA
EnableWindow
UpdateWindow
ShowWindow
GetWindowRect
CallWindowProcA
ReleaseDC
FillRect
GetSysColor
GetDC
DefWindowProcA
TrackMouseEvent
SendMessageA
GetParent
InvalidateRect
EndPaint
BeginPaint
MoveWindow
LoadCursorA
LoadIconA
RegisterClassExA
GetClassInfoExA
FindWindowExA
GetClassNameA
GetWindowTextA
GetFocus
IsWindowVisible

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

gdi32

GetObjectA
CombineRgn
GetPixel
CreateRectRgn
CreateDIBitmap
SetTextColor
TextOutA
SetBkColor
DeleteObject
CreatePatternBrush
StretchBlt
CreateSolidBrush
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC

msimg32

TransparentBlt

msvcrt

sprintf
strncpy
strncmp
atoi
_ftol
_CIpow
??2@YAPAXI@Z
_CIfmod
_strnicmp
modf
free
malloc
memmove
??3@YAXPAX@Z

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e2f97381d6e397bfca19b6a6fa593fb4

Headers

File Characteristics

Imports

kernel32

user32

shell32

wininet

gdi32

msimg32

msvcrt

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 53KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 53KB