3f924cc8da18fbe5f617c8ef3480d77c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f924cc8da18fbe5f617c8ef3480d77c_JaffaCakes118
Size

170KB
MD5

3f924cc8da18fbe5f617c8ef3480d77c
SHA1

38adb8e7ba716730bd54aeb72dce249b32d7853a
SHA256

a40c814ea592ed3111d775a614bbd485d803ed09a00e917139cfa47ef6bf7e26
SHA512

0d40c0336dd20fce3ca0c5f629cabd6125d8801cd70a3793f7b98cb7eb1be6fb3f6bff28f71fea09cc464d335a452741be6ff9e987ec968c09d0e4d71d062ae3
SSDEEP

3072:1oTdkdXJAQU52aZ8jotNihH2e0jqq8AbFny++6U9gzD43FaXLaywmK2jIkGn:1oTd0JAVvZVtNihH2/mq8cyR9jEmZm1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f924cc8da18fbe5f617c8ef3480d77c_JaffaCakes118

Files

3f924cc8da18fbe5f617c8ef3480d77c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ed2577657a686f06742187f8c5760a42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

LoadStringA
CopyRect
wvsprintfA
DispatchMessageA
RegisterClassA
MonitorFromWindow
RegisterWindowMessageA
wsprintfA
GetMessageA
CreateWindowExA
MsgWaitForMultipleObjects
PeekMessageA
PostThreadMessageA
GetQueueStatus
DestroyWindow

quartz

AMGetErrorTextW

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

advapi32

RegSetValueExA
RegCreateKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA

ole32

GetRunningObjectTable
CoFreeUnusedLibraries
CoTaskMemFree
CLSIDFromString
StringFromGUID2
CoUninitialize
StringFromCLSID
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoInitializeEx
CoInitialize
CreateItemMoniker
CreateStreamOnHGlobal
CoTaskMemAlloc

kernel32

CreateMutexA
GetTapeParameters
Sleep
SetThreadPriority
LoadLibraryA
GlobalAlloc
VirtualAlloc
SetEvent
GetTickCount
IsBadWritePtr
ResetEvent
WaitForSingleObject
GetThreadPriority
InterlockedIncrement
CreateThread
lstrlenA
GetCurrentProcessId
GetVersionExA
GetACP
DeleteCriticalSection
WaitForMultipleObjects
LoadResource
ClearCommError
QueryPerformanceCounter
ReleaseMutex
GetExitCodeThread
GetSystemInfo
ResumeThread
GetProcessHeap
EnumResourceNamesA
CreateEventA
CreateSemaphoreA
LocalFree
GetProcAddress
ReleaseSemaphore
IsBadReadPtr
FindResourceA
MultiByteToWideChar
GetSystemTimeAsFileTime
CloseHandle
InterlockedDecrement
FreeLibrary
CreateFileW
FatalExit
DisableThreadLibraryCalls
GetCurrentThread
TerminateThread
GetSystemTime
GetModuleFileNameA
InitializeCriticalSection
GetCurrentThreadId
WideCharToMultiByte
GetLastError
LeaveCriticalSection
HeapFree
VirtualFree
LockResource
GetModuleFileNameW
EnterCriticalSection
LoadLibraryW
ExitProcess

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed2577657a686f06742187f8c5760a42

Headers

File Characteristics

Imports

user32

quartz

winmm

advapi32

ole32

kernel32

shell32

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 50KB - Virtual size: 50KB

.lib Size: 512B - Virtual size: 92KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 50KB - Virtual size: 50KB

.lib
Size: 512B - Virtual size: 92KB