3f0bd5e96351f1035af8c8c97e7909eb_JaffaCakes118

General

Target

3f0bd5e96351f1035af8c8c97e7909eb_JaffaCakes118
Size

333KB
MD5

3f0bd5e96351f1035af8c8c97e7909eb
SHA1

5bc2376da4112cf76c2f7cc5ff0fc3106b634f1e
SHA256

1edf694cec5d7c22ff0f098f74d14bb49eead88b8d068b0e96a87e72f578de8e
SHA512

eb8af040aeaca41d056e2911f6d6550c70860884c1b5a57bcbe599db944d1bf983d6cc450bf06dad2b0ba61f92185c8adaf978552addfd70b772b07a38971af3
SSDEEP

6144:T/+7VpZkX4W1aWld9J+mBqgT+1fec5Ib4d5hxKTciPS0K5Bsu7dq:L+hohAmBz+Ic2W5DGKDvJq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f0bd5e96351f1035af8c8c97e7909eb_JaffaCakes118

Files

3f0bd5e96351f1035af8c8c97e7909eb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df0d81c1ddbd480eb32c523a995f9f83

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleFileNameA
GetLastError
CreateMutexA
Process32Next
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
CloseHandle
WriteFile
CreateFileA
DeviceIoControl
FreeLibrary
GlobalFree
LoadLibraryExA
GlobalAlloc
GetProcAddress
ReadFile
GetCommandLineA
SetFileAttributesA
WaitForSingleObject
CreateProcessA
DeleteFileA
OpenProcess
lstrcmpiA
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
CreateThread
WideCharToMultiByte
lstrlenW
ReadProcessMemory
VirtualAllocEx
VirtualFreeEx
WinExec
ExitProcess
GetModuleHandleA
EnumResourceTypesA
lstrcatA
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
GetFileSize
EnumResourceNamesA

user32

FindWindowA
FindWindowExA
MessageBoxA
PostMessageA
TranslateMessage
DispatchMessageA
wsprintfA
SendMessageA
GetWindowThreadProcessId
GetForegroundWindow
GetWindow
GetClassNameA
GetWindowTextA
GetWindowRect
SetCursorPos
GetMessageA
SendInput

advapi32

ControlService
OpenServiceA
OpenSCManagerA
StartServiceA
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegOpenKeyA
CloseServiceHandle

shell32

ShellExecuteA

msvcrt

atoi
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_stricmp

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df0d81c1ddbd480eb32c523a995f9f83

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

psapi

Sections

.data Size: 26KB - Virtual size: 26KB

.rsrc Size: 300KB - Virtual size: 304KB

.data
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 300KB - Virtual size: 304KB