e50dc1e7b89c7d295e02fb8b694aa6f1_JaffaCakes118

General

Target

e50dc1e7b89c7d295e02fb8b694aa6f1_JaffaCakes118
Size

202KB
MD5

e50dc1e7b89c7d295e02fb8b694aa6f1
SHA1

0599cd6977923bcb30c759feedb6bcb0c50f9267
SHA256

ddb7ee610fb0013021643b1256bfe8912e9795e85f2d1333dc1d6479e165f322
SHA512

41e5980f06a81526095bd083e3a6d4cb78cf43a387e36f58cdec261b4024bcf88842104a3d3fc3d0e17f477dbd62ee68bff5d95788495ff931b023acfdf88b80
SSDEEP

6144:vvQP4rdorivBNbKVWNRPIDEkkBSzez4YJ84iKlfE+crsZDHE8:HhrdoripJgWNRPIACyz4YCpKlfE+ciT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e50dc1e7b89c7d295e02fb8b694aa6f1_JaffaCakes118

Files

e50dc1e7b89c7d295e02fb8b694aa6f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

401be462b2ab11166eb00a61c6e0932a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetVersionExA
CreateFiber
lstrcmpiA
GetACP
GetVersion
SuspendThread
GetThreadLocale
GetProcAddress
RaiseException
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
DeleteCriticalSection
EnumResourceNamesA
FreeLibrary
SetThreadPriority
lstrlenA
GetLocaleInfoA
InterlockedExchange
lstrlenW
LoadLibraryW
GetLastError

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

user32

GetDesktopWindow
RegisterWindowMessageA
ShowWindow
RealGetWindowClassW
GetQueueStatus
wsprintfA
ReleaseDC
GetDC
DestroyWindow
PostThreadMessageA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
CreateDialogParamA
wvsprintfA

advapi32

RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCloseKey

setupapi

SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

401be462b2ab11166eb00a61c6e0932a

Headers

File Characteristics

Imports

kernel32

wininet

user32

advapi32

setupapi

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 24KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 228KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 24KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 228KB