428ecf6f17cf53bb47d000837344103e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

428ecf6f17cf53bb47d000837344103e_JaffaCakes118
Size

50KB
MD5

428ecf6f17cf53bb47d000837344103e
SHA1

192f492d0cbc817b09b4c109cd925351025a4189
SHA256

6e41c9db438779b740353a707c024313e4e55a8d81301eba1a8456c24a21925e
SHA512

b47ce37146ee82b394a05dc5299444f644654a42393d9d6c398336bad9cf6a83f1d7493952b83ef92af65bdcf9b457b965d947e8ba38f4cbec02cf276b8aa5e0
SSDEEP

768:4HBiPGQohR0+ZRapmMe0J7e4ndfE0DsQQzUp6MyMZ/ytjirLg:UiuQ7+RcmB0D3IUWH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
428ecf6f17cf53bb47d000837344103e_JaffaCakes118

Files

428ecf6f17cf53bb47d000837344103e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4ac24657863181b54f31fbcb1160daec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageW
GetComputerNameW
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcessHeap
GetStartupInfoA
GetThreadLocale
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedExchange
InterlockedIncrement
LeaveCriticalSection
LocalAlloc
LocalFree
FormatMessageA
MultiByteToWideChar
OutputDebugStringW
RaiseException
ReleaseMutex
SetEvent
SetFileAttributesA
SetFilePointer
SetLastError
SetThreadExecutionState
SetThreadLocale
Sleep
WaitForMultipleObjects
WideCharToMultiByte
WriteFile
lstrcmpW
lstrcpyA
lstrlenA
CreateFileW
lstrcatW
VirtualAlloc
LoadLibraryW
ExitProcess
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessW
CreateMutexA
CreateFileA
CreateEventA
MoveFileExW
CloseHandle

user32

DefWindowProcA
LoadIconA
LoadIconW

gdi32

CloseEnhMetaFile
MoveToEx
CreateEnhMetaFileA
GetStockObject
DeleteEnhMetaFile
LineTo
Rectangle

advapi32

RegOpenKeyW

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata2
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ac24657863181b54f31fbcb1160daec

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 460B

.rdata4 Size: 1024B - Virtual size: 1000B

.rdata3 Size: 1024B - Virtual size: 1000B

.rdata2 Size: 1024B - Virtual size: 1000B

.rsrc Size: 26KB - Virtual size: 1006KB

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 460B

.rdata4
Size: 1024B - Virtual size: 1000B

.rdata3
Size: 1024B - Virtual size: 1000B

.rdata2
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 26KB - Virtual size: 1006KB