3a94ba37d546f494368513cb41e4a221_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a94ba37d546f494368513cb41e4a221_JaffaCakes118
Size

78KB
MD5

3a94ba37d546f494368513cb41e4a221
SHA1

d94c6e93fc7b983cf3abf43fa24369ec5370f4e7
SHA256

e672babd5e8ddff95b24a5f382bd881355abc3647a8375257415f7021a6aa585
SHA512

295d262c62b36fdc4a2973e838b770cc39de1e25d188bad05278e75a94a3d9f865f12e22f7c1d1ee99461779121b82f96de1b65e037bcc902dc5852241ae9fb6
SSDEEP

1536:yaP9Mg29n9rS2e6S9E3d9WUDm0lVlTlJo6LO:yaPGjnxSLEN9tRVlE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a94ba37d546f494368513cb41e4a221_JaffaCakes118

Files

3a94ba37d546f494368513cb41e4a221_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5e2be0af5685fd5312a1fd921a3a1b04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
strncpy
strlen
strcpy
strcat
memcpy
longjmp
_setjmp3
fseek
ftell
fread
sprintf
strcmp
strncmp
fclose
fabs
ceil
malloc
floor
free
exit
__p__iob
fprintf
getenv
sscanf

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
OpenProcess
WriteProcessMemory
CloseHandle
HeapFree
HeapAlloc
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
SetLastError
TlsAlloc
GlobalAlloc
GlobalFree
GetVersionExA
MulDiv
HeapReAlloc

user32

GetAsyncKeyState
DestroyWindow
GetSysColor
GetSysColorBrush
CreateWindowExA
SendMessageA
GetWindowRect
ScreenToClient
RedrawWindow
GetWindowLongA
GetIconInfo
SetWindowPos
InvalidateRect
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateA
EndPaint
SetCapture
CallWindowProcA
GetSystemMetrics
SetWindowLongA
SetCursor
GetParent
FillRect
GetWindowTextA
GetClientRect
IsWindowEnabled
GetCapture
DefWindowProcA
LoadCursorA
ShowWindow
RemovePropA
SetPropA
GetPropA
PostMessageA
GetWindow
SetActiveWindow
UnregisterClassA
DestroyAcceleratorTable
LoadIconA
PeekMessageA
MsgWaitForMultipleObjects
GetMessageA
GetActiveWindow
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassA
AdjustWindowRectEx
CreateAcceleratorTableA
SetCursorPos
LoadImageA
MapWindowPoints
MoveWindow
SystemParametersInfoA
GetKeyState
GetCursorPos
IsWindowVisible
SetFocus
GetFocus
IsChild
GetClassNameA
EnumChildWindows
DefFrameProcA
DestroyIcon
CreateIconFromResourceEx
CreateIconFromResource

gdi32

GetStockObject
SetBkColor
SetTextColor
GetObjectType
GetObjectA
DeleteObject
SelectObject
CreateRectRgnIndirect
SelectClipRgn
SetBkMode
TextOutA
GetTextExtentPoint32A
CreatePen
MoveToEx
LineTo
CreateSolidBrush
CreateCompatibleDC
SetDIBits
DeleteDC
CreateDCA
CreateDIBSection
GetDIBits
BitBlt
CreateBitmap
SetPixel
GetDeviceCaps
CreateFontA

comctl32

InitCommonControlsEx

shell32

ShellExecuteExA

ole32

RevokeDragDrop

Sections

.code
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5e2be0af5685fd5312a1fd921a3a1b04

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

shell32

ole32

Sections

.code Size: 3KB - Virtual size: 3KB

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 6KB - Virtual size: 6KB

.code
Size: 3KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 6KB - Virtual size: 6KB