52d5c4eee9bb3d75b66b095db7523069_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52d5c4eee9bb3d75b66b095db7523069_JaffaCakes118
Size

721KB
MD5

52d5c4eee9bb3d75b66b095db7523069
SHA1

279f380fecdaa8322c8f8b9e398cfba77b00c1d8
SHA256

bdadede18d092480de6b75864a1596ee2d70347bc7cf4617e416fa87bb5dffe2
SHA512

c211e36ebeda90a7d76061a29d47227be066db7f03f07f9299197ad486ba8a0599d738988d1060510a0641a34370b95e61a802e9546766aa13712992ccd7260f
SSDEEP

12288:cBbmZ57G8cdJdCdfwpdhE+5l1+QP9pv6DkarXv752UEWYmGoYq3FeCEI55BjwOYd:cBq57Ge2pw+7mr/1pqmYkFhL/syYQQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52d5c4eee9bb3d75b66b095db7523069_JaffaCakes118

Files

52d5c4eee9bb3d75b66b095db7523069_JaffaCakes118
.exe windows:4 windows x86 arch:x86

005fd681cea8d9f07a067d64036862c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

DeleteDC
DeleteObject
GetStockObject
SetTextColor
SetBkColor
SetBkMode

kernel32

GetCurrentThreadId
ExitProcess
HeapAlloc
GetProcessHeap
Sleep
VirtualFree
WriteFile
UnmapViewOfFile
TlsGetValue
CreateProcessA
SizeofResource
GetModuleHandleW
GlobalLock
GetACP
CloseHandle
ReadFile
SetFilePointer
TlsFree
MapViewOfFile
RaiseException
HeapSize
WideCharToMultiByte
LockResource
GetEnvironmentStrings
GlobalAlloc
GetEnvironmentStringsW
GetThreadLocale
LCMapStringA
GlobalFree
lstrlenA
GetSystemInfo
HeapCreate
LCMapStringW
InterlockedIncrement
CreateFileA
CreateEventA
GetTimeZoneInformation
GetProcAddress
FindFirstFileW
CreateFileMappingA
CompareStringA
CompareStringW
WaitForMultipleObjects
DeleteFileA
GetStartupInfoA
LoadLibraryA
GetVersionExA
TlsAlloc
QueryPerformanceCounter
GetOEMCP
GetVersionExW
lstrcmpiA
SetHandleCount
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
GetModuleHandleA
TerminateProcess
CreateThread
MultiByteToWideChar
LoadLibraryExW
UnhandledExceptionFilter
GetModuleFileNameA
FlushFileBuffers
IsDebuggerPresent
GetModuleFileNameW
InitializeCriticalSection
SetLastError
InterlockedDecrement
LoadResource
GetEnvironmentVariableA
LocalFree
FreeLibrary
GetStringTypeW
HeapReAlloc
GetSystemTimeAsFileTime
InterlockedExchange
GetStringTypeA
LoadLibraryW
GetCPInfo
SetErrorMode
lstrcatA
LocalAlloc
GetLocaleInfoA
GetCurrentDirectoryA
GetCurrentProcess
DeleteCriticalSection
FreeEnvironmentStringsA
HeapFree
HeapDestroy
SetEvent
GetFileAttributesA
GetConsoleOutputCP
GetStdHandle
GetLastError
GetTickCount
GetCommandLineA
GetCurrentProcessId
GetCurrentThread
GetVersion
VirtualQuery

user32

SetWindowLongA
GetWindowRect
GetSystemMetrics
DefWindowProcA
BeginPaint
MapWindowPoints
FillRect
CreateWindowExA
GetWindowLongA
RegisterClassA
IsWindowEnabled
EnableWindow
ShowWindow
UpdateWindow
GetClientRect
IsWindow
PostQuitMessage
TrackPopupMenu
GetCursorPos
SetDlgItemTextA
GetSysColor
InvalidateRect
SendMessageA
GetDlgItem

advapi32

RegCloseKey
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
GetTokenInformation
OpenProcessToken

Sections

.text
Size: 670KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

005fd681cea8d9f07a067d64036862c3

Headers

File Characteristics

Imports

gdi32

kernel32

user32

advapi32

Sections

.text Size: 670KB - Virtual size: 996KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 26KB - Virtual size: 25KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 670KB - Virtual size: 996KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 18KB - Virtual size: 18KB