97275bf43a8a0eff3b23bd18ab28288a_JaffaCakes118

General

Target

97275bf43a8a0eff3b23bd18ab28288a_JaffaCakes118
Size

197KB
MD5

97275bf43a8a0eff3b23bd18ab28288a
SHA1

352a4168ef61b00b5f25d432ec3b109b0eb5d2e8
SHA256

dc77c3681c771dfdf2bc5471537b068655429741891ccc6cde717c571adce276
SHA512

71c2403b7c35279cff82d85d0ed8b8f9147a39d384fea21b88f899a75cd14e11d3dcae0c20a2bf89abd04cac1e400b1c53951e4476a3214632e44dc7d46ba61f
SSDEEP

6144:zF9pAsRJFmLtO9dtbeF+8EIT6Af0qWBZYKoN/XbNc:zFrAsJktQdtbeF+JjM0J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
97275bf43a8a0eff3b23bd18ab28288a_JaffaCakes118

Files

97275bf43a8a0eff3b23bd18ab28288a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d10714dcacf18ff62a71984300338b32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

quartz

AMGetErrorTextW

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
StringFromGUID2
CoUninitialize
GetRunningObjectTable
CoRevokeClassObject
CoRegisterClassObject
CreateItemMoniker
CoInitializeEx
CoTaskMemFree
CreateStreamOnHGlobal
CoFreeUnusedLibraries
StringFromCLSID
CoTaskMemAlloc

winmm

timeBeginPeriod
timeGetTime
timeGetDevCaps
timeEndPeriod

kernel32

CreateEventA
LocalFree
CreateFiberEx
EnterCriticalSection
ClearCommError
GetCurrentProcessId
GetACP
CreateThread
EnumResourceNamesA
GetVersionExA
ResumeThread
CloseHandle
DeleteCriticalSection
FatalExit
SetEvent
WaitForSingleObject
GetSystemTimeAsFileTime
InitializeCriticalSection
LeaveCriticalSection

advapi32

RegCreateKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

user32

MonitorFromWindow
DispatchMessageA
wsprintfA
MsgWaitForMultipleObjects
GetMessageA
LoadStringA
CopyRect
RegisterClassA
GetQueueStatus
PeekMessageA
wvsprintfA
CreateWindowExA
RegisterWindowMessageA
PostThreadMessageA
DestroyWindow

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d10714dcacf18ff62a71984300338b32

Headers

File Characteristics

Imports

quartz

ole32

winmm

kernel32

advapi32

user32

shell32

Sections

.text Size: 178KB - Virtual size: 178KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 15KB - Virtual size: 14KB

.lib Size: 512B - Virtual size: 352KB

.text
Size: 178KB - Virtual size: 178KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 15KB - Virtual size: 14KB

.lib
Size: 512B - Virtual size: 352KB