3f0bb24185a47bf6e8e5e4dc0f58af1a_JaffaCakes118

General

Target

3f0bb24185a47bf6e8e5e4dc0f58af1a_JaffaCakes118
Size

229KB
MD5

3f0bb24185a47bf6e8e5e4dc0f58af1a
SHA1

33d36b63fd60a1d56849ae082f5ca4f3bd52ed45
SHA256

e87a1d71ff18eb6b37eecf9a7f85bfc5cfd9ab1b53fab2cbc3112f6709d1cbde
SHA512

e73b1efbb5b9b989ed7edaa5ad6b6354b83ba6c200bebd0c659f9d800c872926c00d5b0094ad6263586042ca42c1951c80b3a3aed817f5360909f564117b2602
SSDEEP

6144:Mw1VSlZ39Bu8/r8AJDZfZezO1GqlRj48BfEwpCsLl:P1sPu8/Y8hkzIGqlRjvNdVl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0bb24185a47bf6e8e5e4dc0f58af1a_JaffaCakes118

Files

3f0bb24185a47bf6e8e5e4dc0f58af1a_JaffaCakes118
.exe windows:1 windows x86 arch:x86

b3ee8cd3e4f5c4ee50008b3ba3beea8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AddAtomA
BackupSeek
CloseHandle
FindAtomA
GetCPInfo
GetCurrencyFormatA
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetTickCount
GetVersion
GlobalLock
LoadLibraryA
SearchPathA
SuspendThread
SwitchToFiber
SwitchToThread
UnmapViewOfFile
VirtualAlloc
VirtualFree
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA

gdi32

AddFontResourceA
CloseFigure
CreateBrushIndirect
DeleteObject
GetDeviceCaps
GetNearestColor
SetTextColor

advapi32

BuildSecurityDescriptorA
GetPrivateObjectSecurity
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegGetKeySecurity
RegLoadKeyA
RegOpenKeyA
RegQueryValueA

user32

AppendMenuA
BeginPaint
BlockInput
ClientToScreen
ClipCursor
EqualRect
GetMenu
GetMessagePos
GetTopWindow
InvalidateRect
IsCharUpperA
LoadCursorA
MonitorFromRect
PostQuitMessage
ShowCaret
TrackMouseEvent

Sections

.data
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pack
Size: 512B - Virtual size: 218B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3ee8cd3e4f5c4ee50008b3ba3beea8a

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

user32

Sections

.data Size: 80KB - Virtual size: 80KB

.code Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

.pack Size: 512B - Virtual size: 218B

.rsrc Size: 1KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 80KB

.code
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB

.pack
Size: 512B - Virtual size: 218B

.rsrc
Size: 1KB - Virtual size: 1KB