38fabe4df7d85af4874079dddfc1b8d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38fabe4df7d85af4874079dddfc1b8d7_JaffaCakes118
Size

277KB
MD5

38fabe4df7d85af4874079dddfc1b8d7
SHA1

abce7e40b3a6664dbc0a7c3ccd01b0bee640ff43
SHA256

5a2191dc928fb37bea77f0a339c95731cbba66ca34dbbfa8fb428398b188fa8d
SHA512

3716e50bb283fc968a1b8f0f9c210f62ca9c494a347b4b3c4d91e123688c636e50d652c829a71ce3e453991ba46afbc60005de6f5e746502981066537a85afb8
SSDEEP

6144:8i8w3pe3AppOrtJpMPhLvr+65Q+KB1P4cB8Cz6IXFIcAUI4O/4OH3:V5e3ypOhJpMPp665Q+KB1P468CuiWcjG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38fabe4df7d85af4874079dddfc1b8d7_JaffaCakes118

Files

38fabe4df7d85af4874079dddfc1b8d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c1f115d65461c5214b8c0db7e651886

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\nzsdn.pdb

Imports

user32

RegisterClassA
ShowWindow
CreateWindowExW
GrayStringW
ChildWindowFromPoint
MessageBoxW
InSendMessageEx
RegisterClassExA

kernel32

GetModuleFileNameA
TlsGetValue
GetCurrentThreadId
LeaveCriticalSection
CloseHandle
TlsSetValue
SetCurrentDirectoryA
ReadFile
SetThreadPriority
GetTimeZoneInformation
IsDebuggerPresent
TlsFree
GetStringTypeA
GetProcAddress
GetDateFormatA
LoadLibraryA
FreeEnvironmentStringsW
SetConsoleTitleW
SetConsoleCtrlHandler
ReadConsoleOutputCharacterA
CompareStringW
IsBadWritePtr
VirtualQuery
GetStringTypeW
FindResourceA
GetLastError
MultiByteToWideChar
VirtualAlloc
GetLocaleInfoA
GetACP
HeapFree
GetCPInfo
WideCharToMultiByte
GetTimeFormatA
FreeEnvironmentStringsA
GlobalAddAtomW
GetEnvironmentStrings
GetLocaleInfoW
CreateDirectoryExA
OpenMutexA
Sleep
HeapSize
EnterCriticalSection
SetLastError
SetStdHandle
GetStdHandle
GetCurrentProcess
LCMapStringW
CompareStringA
GetUserDefaultLCID
HeapAlloc
OpenFileMappingW
GetTickCount
IsValidCodePage
VirtualFree
HeapCreate
GetEnvironmentStringsW
GetCommandLineA
DeleteAtom
GetCurrentThread
HeapReAlloc
WriteFile
GetCurrentProcessId
SetEnvironmentVariableA
GetFileType
TlsAlloc
SetHandleCount
CreateMutexA
RtlUnwind
TerminateProcess
GetSystemTimeAsFileTime
InitializeCriticalSection
UnhandledExceptionFilter
GlobalFlags
GetSystemInfo
GetModuleHandleA
HeapDestroy
GetOEMCP
ExitProcess
EnumSystemLocalesA
GetVersionExA
VirtualProtect
InterlockedExchange
LCMapStringA
GetStartupInfoA
IsValidLocale
QueryPerformanceCounter
SetFilePointer
FlushFileBuffers
DeleteCriticalSection

comdlg32

ReplaceTextA
ReplaceTextW

comctl32

InitCommonControlsEx

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c1f115d65461c5214b8c0db7e651886

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comdlg32

comctl32

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 20KB - Virtual size: 38KB

.data Size: 85KB - Virtual size: 85KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 20KB - Virtual size: 38KB

.data
Size: 85KB - Virtual size: 85KB

.rsrc
Size: 12KB - Virtual size: 12KB