430c37fd20e44b64bb1a3243c666fd44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

430c37fd20e44b64bb1a3243c666fd44_JaffaCakes118
Size

1.2MB
MD5

430c37fd20e44b64bb1a3243c666fd44
SHA1

2f7086ab9d62a570c3c9d283c47f4699f1dfa81f
SHA256

5a2106e15507d97837dd888ad3048ca8234365a0ee7879e5a8f03650a016b73c
SHA512

53d783b3dc4b330d9542278e6adec216633658ceb96468fdd256ecbfe9ec438e2b28e21b7145b76dd35f54e36fc0bf6339c88adaf08be2a38af0fdba0579e7c3
SSDEEP

24576:6+EtNLgOtXivMqhqr7qaNBsDJrbHDaTx8VQu2RmXhxfO42tTR7IoXq83Rg:YQKivC/qcmqxzL62tNJXq8K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
430c37fd20e44b64bb1a3243c666fd44_JaffaCakes118

Files

430c37fd20e44b64bb1a3243c666fd44_JaffaCakes118
.exe windows:5 windows x86 arch:x86

997247f903355634313a604d88126a75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

CreateBitmap
CombineRgn
CreateCompatibleDC
PatBlt

msvcrt

wcschr
__CxxFrameHandler
_controlfp
_wcsdup
fseek
_adjust_fdiv
_fdopen
clearerr
wcscat
mktime
wcsncat
__set_app_type
wcsstr
swprintf
__setusermatherr
_snwprintf
__wgetmainargs
wcspbrk
_wcsnicmp
localtime
_wtoi

user32

DrawFocusRect
DefWindowProcA
DispatchMessageA
TranslateMessage
GetDlgItem
ShowWindow
CreateWindowExA
GetDesktopWindow
IsWindow
DestroyWindow
GetWindow
MonitorFromWindow
SendMessageA
BringWindowToTop
ReleaseDC
RegisterClassExA
CreateIconIndirect
InflateRect
GetMessageA
GetCursorPos
GetKeyState
GetSystemMetrics
UpdateWindow

advapi32

RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeAcl
CloseServiceHandle
RegQueryValueExA

kernel32

LockResource
UnhandledExceptionFilter
SetEvent
WriteTapemark
SetEndOfFile
EraseTape
VerSetConditionMask
OpenMutexA
LoadLibraryA
CreateNamedPipeA
SetUnhandledExceptionFilter
GetProcessHeap
HeapAlloc
ReleaseMutex
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
GetCurrentProcessId
CloseHandle
VirtualAllocEx
CreateMutexA
FlushFileBuffers
GetLastError
GetSystemTime
CreateThread

syssetup

AsrFreeContext

netapi32

NetApiBufferSize
NetWkstaGetInfo

comctl32

ImageList_ReplaceIcon
ImageList_GetImageCount

ntdll

isdigit
NtSetQuotaInformationFile
wcstoul
NtQueryQuotaInformationFile

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 306KB - Virtual size: 3.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

997247f903355634313a604d88126a75

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

msvcrt

user32

advapi32

kernel32

syssetup

netapi32

comctl32

ntdll

Sections

.text Size: 645KB - Virtual size: 645KB

.data Size: 232KB - Virtual size: 231KB

.rsrc Size: 306KB - Virtual size: 3.4MB

.text
Size: 645KB - Virtual size: 645KB

.data
Size: 232KB - Virtual size: 231KB

.rsrc
Size: 306KB - Virtual size: 3.4MB