3ffa994b077c7c9578a68a42229e295b_JaffaCakes118

General

Target

3ffa994b077c7c9578a68a42229e295b_JaffaCakes118
Size

439KB
MD5

3ffa994b077c7c9578a68a42229e295b
SHA1

547261db9ff7d49e1a53fc6a2e18242b9c959752
SHA256

e27211a662dd356c7c6c54475a6418a18a09744d4f317a3b067385552ca6ef03
SHA512

e097e259757b14acdb87b1f7c361cb43b1128dd7901d5abe46bffeed624dabd43c34ec5a9e502ef07a4419673d6150beac24da24fb7544fba9a77c9c03380185
SSDEEP

12288:Lai9V6yIxaidpAK3RFnvVrfYR8aJBLUyojgNHUju9V76hu:LJ7E7WQzWUu9Nf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ffa994b077c7c9578a68a42229e295b_JaffaCakes118

Files

3ffa994b077c7c9578a68a42229e295b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

16ecf4d3e361246f5ddc1902e5948b55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCPInfo
TlsSetValue
GetFileType
HeapAlloc
LoadLibraryA
GetStdHandle
SetHandleCount
GetCommandLineA
EnterCriticalSection
GetEnvironmentStringsW
HeapDestroy
InterlockedExchange
GetTickCount
GetVersion
WideCharToMultiByte
WriteFile
GetCurrentThread
MultiByteToWideChar
LCMapStringW
GetModuleFileNameA
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsFree
VirtualFree
GetProcAddress
GetOEMCP
UnhandledExceptionFilter
HeapFree
GetACP
LCMapStringA
GetTempFileNameW
IsBadWritePtr
VirtualQuery
GetStringTypeA
TlsAlloc
GetSystemTimeAsFileTime
HeapCreate
GetCurrentProcessId
GetStartupInfoA
TlsGetValue
HeapReAlloc
RtlUnwind
ExitProcess
GetLastError
GetEnvironmentStrings
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
InitializeCriticalSection
GetModuleHandleA
SetLastError

comdlg32

GetOpenFileNameA
GetSaveFileNameW
LoadAlterBitmap
GetFileTitleA
GetSaveFileNameA
ChooseColorA
ReplaceTextW
PageSetupDlgW
ChooseColorW
ChooseFontA
ReplaceTextA
PageSetupDlgA
GetOpenFileNameW
FindTextA
PrintDlgA
PrintDlgW
GetFileTitleW

user32

UnhookWinEvent
SendDlgItemMessageW
GetCursor
LoadCursorA

advapi32

RegDeleteValueW
CryptEnumProvidersW
CryptGetHashParam
CryptVerifySignatureA
CryptDecrypt
RegEnumKeyExA
CryptCreateHash
RegEnumKeyA
RegSaveKeyA
CryptSetProviderExA
CryptContextAddRef
RegOpenKeyA
StartServiceA
RegRestoreKeyW

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 303KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16ecf4d3e361246f5ddc1902e5948b55

Headers

File Characteristics

Imports

kernel32

comdlg32

user32

advapi32

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 303KB - Virtual size: 302KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 303KB - Virtual size: 302KB

.rsrc
Size: 9KB - Virtual size: 9KB