dd017e7b0351d853bd8520ea9fb0f7b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

dd017e7b0351d853bd8520ea9fb0f7b8_JaffaCakes118
Size

167KB
MD5

dd017e7b0351d853bd8520ea9fb0f7b8
SHA1

05a9404e835949f47ff004a8c177324646c8cb98
SHA256

ba40f29dca7b3fc768fc817d827c69a72073f90fcecf6c9633346f87a4567903
SHA512

4f991f87ff1042f33ef51e50d0fe779b8b31ec218db85433d6416d1936938d9bb24a3799f27b8a9564020f48cb35e32c10e2ffd22c7ca09217d8e5a6c6aa9a00
SSDEEP

3072:5ndcmKmr9bSEfya28u5xSQPeuVvQIe88KJoYqk3evgQkO6zc7f39tHHtdaCzpkx:5dc1m1Sa8yQPeNHKJo3yQa8/aCzQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd017e7b0351d853bd8520ea9fb0f7b8_JaffaCakes118

Files

dd017e7b0351d853bd8520ea9fb0f7b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ba77bbc12625aded3c19564706a7568

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

kernel32

InitializeCriticalSection
GetExitCodeThread
CreateMutexA
LoadLibraryW
GetSystemInfo
GetCurrentThreadId
LocalFree
TerminateThread
GlobalAlloc
GetTapeParameters
LoadLibraryA
GetCurrentThread
GetProcessHeap
lstrlenA
DeleteCriticalSection
ReleaseSemaphore
VirtualFree
LoadResource
WideCharToMultiByte
QueryPerformanceCounter
GetModuleFileNameA
IsBadWritePtr
ClearCommError
GetCurrentProcessId
GetSystemTime
MultiByteToWideChar
SetEvent
CreateEventA
EnterCriticalSection
GetProcAddress
GetThreadPriority
WaitForSingleObject
EnumResourceNamesA
FindResourceA
SetThreadPriority
GetLastError
ResetEvent
VirtualAlloc
ResumeThread
LeaveCriticalSection
InterlockedDecrement
FatalExit
HeapFree
DisableThreadLibraryCalls
IsBadReadPtr
InterlockedIncrement
GetVersionExA
GetSystemTimeAsFileTime
GetModuleFileNameW
LockResource
CreateFileW
GetACP
GetTickCount
Sleep
ReleaseMutex
CreateThread
CreateSemaphoreA
WaitForMultipleObjects
FreeLibrary
CloseHandle
ExitProcess

shell32

SHGetSpecialFolderPathA

user32

PostThreadMessageA
DispatchMessageA
GetMessageA
MonitorFromWindow
RegisterClassA
LoadStringA
CopyRect
MsgWaitForMultipleObjects
GetQueueStatus
wvsprintfA
PeekMessageA
RegisterWindowMessageA
wsprintfA
CreateWindowExA
DestroyWindow

advapi32

RegDeleteKeyA
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA

ole32

CoRegisterClassObject
StringFromGUID2
StringFromCLSID
CoInitialize
CreateItemMoniker
CoTaskMemFree
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoFreeUnusedLibraries
GetRunningObjectTable
CoInitializeEx
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba77bbc12625aded3c19564706a7568

Headers

File Characteristics

Imports

winmm

kernel32

shell32

user32

advapi32

ole32

oleacc

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 48KB - Virtual size: 48KB

.lib Size: 512B - Virtual size: 84KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 48KB - Virtual size: 48KB

.lib
Size: 512B - Virtual size: 84KB