38ec6664670e0e263861ac1993e4cb6d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38ec6664670e0e263861ac1993e4cb6d_JaffaCakes118
Size

121KB
MD5

38ec6664670e0e263861ac1993e4cb6d
SHA1

f810bb1db34d972a34064d8a4668ef2030c89957
SHA256

0aa409416397fee62d48c5837c439ba2c36566516653320c036a335ddb37648d
SHA512

b8edeb7cad90200dbd01c6bf6f1acd8b1fb13e56e423839d7d9922bea521236e2f8e97d682d7a45b5a2549d0ba3643f6dc45d5b7c72be78f2cfe57adc2002499
SSDEEP

3072:2c5vQQ9I3NbOa0ztS7wg3nxxxO6v8MjP72:2eL9IZv3xD984PK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38ec6664670e0e263861ac1993e4cb6d_JaffaCakes118

Files

38ec6664670e0e263861ac1993e4cb6d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

066dbe4483a415f2e7c30f65218660c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
CloseHandle
TerminateThread
GlobalReAlloc
GetProcAddress
HeapFree
GetFileType
CreateDirectoryA
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
GetLastError
CreateNamedPipeA
GetTimeFormatW
FindNextFileW
GetCurrentThreadId
GetSystemInfo
CreateDirectoryW
SetFilePointer
ExitProcess
GetWindowsDirectoryW
LoadLibraryA
GetSystemDirectoryA
QueryPerformanceCounter
IsBadWritePtr
WriteConsoleW
lstrcatA
GetModuleHandleA
GetCurrentThread
OutputDebugStringA
GlobalAlloc

tapi32

lineOpenW
lineDevSpecificFeature
lineSetupConference
lineAddToConference

msvcrt

atol
strncpy
_wtoi
__p__commode
_vsnprintf
atoi
_wcsnicmp
towupper
_acmdln
memset
memcpy
wcsncpy
isspace
__wgetmainargs
_iob
wcsncmp

user32

PostQuitMessage
ShowWindow
DeleteMenu
LoadCursorW
RegisterMessagePumpHook
DialogBoxParamW
SystemParametersInfoW
LoadMenuA
DispatchMessageA
LoadAcceleratorsW
RemoveMenu
MsgWaitForMultipleObjects
OpenClipboard
ReleaseDC
InvalidateRect
LoadStringW
SetScrollPos
SetCapture
GetDlgItem
GetKeyState
GetMenuItemCount
GetWindowPlacement
GetAsyncKeyState

gdi32

GetDeviceCaps
SetMapMode
CreatePen
CreateCompatibleDC
SelectObject
DeleteDC
SetPixel
SelectPalette
PatBlt
BitBlt
SaveDC
SetBkColor
CreateSolidBrush
CreateFontIndirectA
SetTextColor

Exports

Exports

MlhmkpfYlqtpMz
PlbjrWxtxzrbDckdeuaTtl
GfvztweIfnvt
IhndzjnDexlzkpVqk
NqGpwtdnbDcpdhytInznpjb

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ttvv
Size: 512B - Virtual size: 277B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

066dbe4483a415f2e7c30f65218660c9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

tapi32

msvcrt

user32

gdi32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 30KB - Virtual size: 29KB

ttvv Size: 512B - Virtual size: 277B

.data Size: 28KB - Virtual size: 27KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 512B - Virtual size: 40B

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 30KB - Virtual size: 29KB

ttvv
Size: 512B - Virtual size: 277B

.data
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 512B - Virtual size: 40B