42395923153369ad342f1abaa91c01ab_JaffaCakes118

General

Target

42395923153369ad342f1abaa91c01ab_JaffaCakes118
Size

172KB
MD5

42395923153369ad342f1abaa91c01ab
SHA1

7265b984ea71ecf8408b9d234d9c0fbd36aece95
SHA256

d4ad63f95d54dcef28f9a97deda63d1850c4dd9db65c7f380c5a4c72fdffb0b1
SHA512

42966f58a1d76ac30b0059f4849d1122a2e70c086f9ce944297edbe867bff60c7dc1ffccad029afb5f2ac06c60840df02424ad4d48583422034d2f0ff004f7e8
SSDEEP

3072:bGtbVmfbRyXA5xbQjSLCa5BDKLodZ+igb8Jiy71SbaKetTJzB:b2SbRyXKya5BD6Y+1AL1S2Ltdt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42395923153369ad342f1abaa91c01ab_JaffaCakes118

Files

42395923153369ad342f1abaa91c01ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5000ec28c62b0099e167a28da3bf2e5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

log
_acmdln
exp
strncmp
tolower
ceil
wcstol
memmove
memcpy
wcsncmp
malloc

shlwapi

SHGetValueA

kernel32

FindFirstFileA
InitializeCriticalSection
ExitProcess
SetEndOfFile
LockResource
MoveFileExA
VirtualAllocEx
SetThreadLocale
GetACP
DeleteFileA
GlobalDeleteAtom
CompareStringA
GetSystemDefaultLangID
VirtualAlloc
GetCommandLineA
EnumCalendarInfoA
GetCurrentThread
WriteFile
LoadLibraryA
GetOEMCP
GetCurrentProcess
MulDiv
HeapFree
GetTickCount
LocalReAlloc
FindResourceA
GetModuleHandleA
ReadFile
lstrcmpA

comctl32

ImageList_GetBkColor
ImageList_Remove
ImageList_Draw
ImageList_DragShowNolock
ImageList_Create
ImageList_Write
ImageList_Read
ImageList_Destroy
ImageList_Add

user32

ShowWindow
GetClassInfoA
EnumWindows
RegisterClassA
CharNextA
GetFocus
EnumThreadWindows
GetClientRect
GetMenuStringA
GetClassLongA
CreateWindowExA
GetPropA
EnumChildWindows
DefMDIChildProcA
GetMenuState
DefWindowProcA
IsChild
SystemParametersInfoA
EnableScrollBar
DispatchMessageA
TrackPopupMenu
GetDlgItem
GetClipboardData

Sections

text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 121KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5000ec28c62b0099e167a28da3bf2e5b

Headers

File Characteristics

Imports

msvcrt

shlwapi

kernel32

comctl32

user32

Sections

text Size: 48KB - Virtual size: 47KB

.tls Size: 121KB - Virtual size: 160KB

.bss Size: 1KB - Virtual size: 1KB

text
Size: 48KB - Virtual size: 47KB

.tls
Size: 121KB - Virtual size: 160KB

.bss
Size: 1KB - Virtual size: 1KB