55b3f7464fc3a6e8fba038194dc9d7ee_JaffaCakes118

General

Target

55b3f7464fc3a6e8fba038194dc9d7ee_JaffaCakes118
Size

32KB
MD5

55b3f7464fc3a6e8fba038194dc9d7ee
SHA1

eb9970a1549e4dc203731f66dd5d4450eaae779a
SHA256

a3ff809b077200f747db54ef9cf87c9d046521657bc89d2e10434a4424f35e2b
SHA512

046d23f763a2b3d6cf18a22c6f4708439366acd6f9f96541c11059d7a40e5daf97381ea9af1cf8f061112dc5ee0a72c5a82244ad194e6f02eb79a90d83d0f2c5
SSDEEP

384:1YE9npV1zml7/T/Lc+q+bwoSSLLnAnVQ3hL5tVTcyY78JjNhyf678bM:6E9pVpwLjLvq+UYHl3vtSyY7kQ48bM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55b3f7464fc3a6e8fba038194dc9d7ee_JaffaCakes118

Files

55b3f7464fc3a6e8fba038194dc9d7ee_JaffaCakes118
.exe .vbs windows:4 windows x86 arch:x86 polyglot

00c3e6295607a4ededa901e21b3e86bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\Proj KL4.0\KLv4.0\Release\KLv4.0.pdb

Imports

kernel32

WriteFile
ReadFile
GetFileSize
CloseHandle
CreateFileA
lstrlenA
SetFilePointer
lstrcatA
GetLocalTime
lstrcmpA
GetCurrentThreadId
lstrcpyA
GetModuleHandleA
GlobalUnlock
GlobalLock
CreateThread
GetModuleFileNameA
GetLastError
CreateMutexA
HeapCreate
HeapAlloc
HeapFree
HeapDestroy
GetWindowsDirectoryA
GetSystemDirectoryA
DeleteFileA
GetExitCodeProcess
CreateProcessA
Sleep
LockResource
LoadResource
SizeofResource
FindResourceA
VirtualAlloc
HeapReAlloc
RtlUnwind
LoadLibraryA
GetCurrentProcess
TerminateProcess
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess

user32

DispatchMessageA
TranslateMessage
IsDialogMessageA
IsWindow
SendMessageA
SetClipboardViewer
CreateDialogParamA
CharLowerA
MessageBoxA
GetMessageA
OpenClipboard
GetClipboardData
CloseClipboard
ChangeClipboardChain
PostQuitMessage
SetWindowsHookExA
UnhookWindowsHookEx
GetForegroundWindow
GetWindowThreadProcessId
GetKeyboardLayout
AttachThreadInput
ToAsciiEx
GetWindowTextA
wsprintfA
CallNextHookEx
GetKeyboardState

shell32

ShellExecuteA

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00c3e6295607a4ededa901e21b3e86bf

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 776B

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 776B

.rsrc
Size: 8KB - Virtual size: 6KB