96289ea18cdd60e6124fd906f1c2c4bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

96289ea18cdd60e6124fd906f1c2c4bf_JaffaCakes118
Size

169KB
MD5

96289ea18cdd60e6124fd906f1c2c4bf
SHA1

4a64fd8328c8df136a376c0f6823566e95baf268
SHA256

bdb3d9408eb9771a9d2b3deea13b806346706aeab76bf48f1d4b66a3d97e0bbc
SHA512

9dfc3671b46d66eb259def4006fcc391969bc516bb02a0150fabdb444e1eb3e31ce89471a48876ae12214ba629f0ccc0cb5185967680dbc23066a4a0b726f32b
SSDEEP

3072:Y8pozB+B4MCVc52FbxAfddXhbSByeXiVrBGTmE1H1L5uS+m43+ku/:Y8poz0iMgc52QddXhbSGrIH1L5uSk3s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96289ea18cdd60e6124fd906f1c2c4bf_JaffaCakes118

Files

96289ea18cdd60e6124fd906f1c2c4bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ad9764a2aa3f6639cc9b172ffa05667d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCreateKeyA
RegSetValueA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegEnumKeyExA

kernel32

GetCurrentProcessId
LoadLibraryA
ReleaseMutex
CreateThread
DeleteCriticalSection
LeaveCriticalSection
FindResourceA
TerminateThread
GetTapeParameters
VirtualFree
SetThreadPriority
GetACP
MultiByteToWideChar
GetSystemTime
EnterCriticalSection
GetTickCount
CreateEventA
GetThreadPriority
Sleep
LockResource
ClearCommError
WaitForMultipleObjects
QueryPerformanceCounter
CreateFileW
ResumeThread
GetProcessHeap
GetModuleFileNameW
EnumResourceNamesA
GetSystemTimeAsFileTime
IsBadWritePtr
CreateMutexA
ResetEvent
LoadLibraryW
ReleaseSemaphore
LocalFree
LoadResource
WaitForSingleObject
GetProcAddress
IsBadReadPtr
SetEvent
VirtualAlloc
GetLastError
FatalExit
InitializeCriticalSection
CloseHandle
GetModuleFileNameA
GetCurrentThread
GetSystemInfo
lstrlenA
GlobalAlloc
GetVersionExA
GetCurrentThreadId
CreateSemaphoreA
WideCharToMultiByte
InterlockedDecrement
HeapFree
InterlockedIncrement
FreeLibrary
DisableThreadLibraryCalls
GetExitCodeThread
ExitProcess

quartz

AMGetErrorTextW

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

ole32

CoFreeUnusedLibraries
CoTaskMemFree
CoRevokeClassObject
CreateItemMoniker
CoCreateInstance
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
StringFromCLSID
CoUninitialize
CoInitialize
CoInitializeEx
GetRunningObjectTable
CoRegisterClassObject
CoTaskMemAlloc

shell32

SHGetSpecialFolderPathA

user32

RegisterWindowMessageA
GetMessageA
wsprintfA
CopyRect
MsgWaitForMultipleObjects
LoadStringA
GetQueueStatus
DispatchMessageA
PeekMessageA
CreateWindowExA
wvsprintfA
PostThreadMessageA
RegisterClassA
MonitorFromWindow
DestroyWindow

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad9764a2aa3f6639cc9b172ffa05667d

Headers

File Characteristics

Imports

advapi32

kernel32

quartz

winmm

ole32

shell32

user32

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 44KB - Virtual size: 44KB

.lib Size: 512B - Virtual size: 88KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 44KB - Virtual size: 44KB

.lib
Size: 512B - Virtual size: 88KB