546adf4a1ac49c19250e9fe3128d5976_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

546adf4a1ac49c19250e9fe3128d5976_JaffaCakes118
Size

981KB
MD5

546adf4a1ac49c19250e9fe3128d5976
SHA1

08102edd76aaa0c484b75789e916e09104d37d1b
SHA256

e5710fc0fd3761cffee2f194a9ef64bbae5467fe3b2bf3659f65eaad92e6dbf3
SHA512

f63f91d549831dc122c4a92a8e66fd5c34c5e7e3acc0dda6ad78ac488c88e04d0242bdb14347bfe1272de3f6a01b6e12ac1f8ef0b479b7c99f333541accfd090
SSDEEP

24576:llsi3EE2183qjF+mma53DmEVJdWTbZR55fD6+K0t+4RTT3Qg:7lEf1JfmURvdWfXf+7aXRTTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
546adf4a1ac49c19250e9fe3128d5976_JaffaCakes118

Files

546adf4a1ac49c19250e9fe3128d5976_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c67a4bb1b881f249cca057208946b853

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CreateStreamOnHGlobal
CoInitializeEx

tapi32

lineUncompleteCall
lineAccept

gdi32

SetBkMode
SetDIBColorTable
CreateFontIndirectW
DeleteDC
CreateCompatibleDC
GetObjectW
GetStockObject
SetTextColor
SelectObject
CreateDIBSection
DeleteObject

kernel32

lstrcpynW
LocalFree
GetTickCount
GetCommandLineA
FindResourceExW
GlobalFree
GlobalLock
GlobalAlloc
GetSystemTimeAsFileTime
DosDateTimeToFileTime
CreateDirectoryW
CreateFileA
GetProcAddress
SetUnhandledExceptionFilter
FindResourceW
ExitProcess
InterlockedCompareExchange
VirtualQuery
InterlockedIncrement
GetFileAttributesExW
GetLastError
LoadResource
InterlockedDecrement
GetSystemInfo
GetCommandLineW
ReadFile
FreeLibrary
GetModuleHandleW
GetModuleHandleA
RemoveDirectoryW
HeapFree
LocalAlloc
VirtualProtect
SizeofResource
LoadLibraryW
QueryPerformanceCounter
DeleteFileW
GetCurrentProcessId
GetProcessHeap
LockResource
GetCurrentThreadId
SetEndOfFile
GetSystemDefaultLCID
FreeResource
CreateFileW
GetVersionExA
HeapAlloc
GlobalUnlock
GetVersionExW
GetModuleFileNameW
GetFileSize
GetUserDefaultUILanguage
GetEnvironmentStringsW
FlushFileBuffers
CloseHandle
CreateProcessW
GetStartupInfoA

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
SHGetValueW
PathCombineW

advapi32

RegSetValueExW
RegDeleteValueW
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegCreateKeyExW
CryptGenRandom
AllocateAndInitializeSid
CryptAcquireContextW
CryptReleaseContext
CheckTokenMembership
FreeSid
OpenProcessToken

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW
SHFileOperationW

user32

ClientToScreen
BeginPaint
InvalidateRect
DrawFocusRect
SetCursor
MonitorFromWindow
DestroyCursor
GetWindowLongW
CallWindowProcW
EndPaint
SetCapture
GetSysColor
GetMonitorInfoW
ReleaseCapture
FillRect
SetWindowPos
GetWindowRect
DrawTextW
LoadCursorW
SetFocus
PtInRect
UpdateWindow

Sections

.text
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 295KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c67a4bb1b881f249cca057208946b853

Headers

File Characteristics

Imports

ole32

tapi32

gdi32

kernel32

shlwapi

advapi32

shell32

user32

Sections

.text Size: 653KB - Virtual size: 652KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 295KB - Virtual size: 3.5MB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 653KB - Virtual size: 652KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 295KB - Virtual size: 3.5MB

.rsrc
Size: 28KB - Virtual size: 27KB