e932be6aa11209a76563ad07a5dc11c8_JaffaCakes118

General

Target

e932be6aa11209a76563ad07a5dc11c8_JaffaCakes118
Size

189KB
MD5

e932be6aa11209a76563ad07a5dc11c8
SHA1

964f8d8c8006c77329e055fa6abcd3ac9b94204c
SHA256

15362254b74485feaea4f677c38a1bae3de253aea1f379863a1698b5066dc17b
SHA512

966f741c235d1ff0a08cc57f7f1911f364a193d825225b4d9b0dc46e6481e70be4536fafe9b46696389f847a139f2bd863382c9c2818fe90a84685f6107b9063
SSDEEP

3072:q3OHwM/fvyKUb5anu+LPl8qYRHIsia238vnDEUPGApzgdjM23a0LYBRGZRhiQ8tQ:COD/Hy79suCC7J238vnDb9u5e08oZRdr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e932be6aa11209a76563ad07a5dc11c8_JaffaCakes118

Files

e932be6aa11209a76563ad07a5dc11c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a5333e8c11366f7f953c78610b8ba8af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA
RegSetValueExA
RegEnumKeyExA

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

quartz

AMGetErrorTextW

ole32

GetRunningObjectTable
CoInitialize
CoRegisterClassObject
CoInitializeEx
CoCreateInstance
CoUninitialize
StringFromCLSID
StringFromGUID2
CoRevokeClassObject
CreateStreamOnHGlobal
CreateItemMoniker
CLSIDFromString
CoTaskMemFree
CoFreeUnusedLibraries
CoTaskMemAlloc

kernel32

WaitForSingleObject
CreateFiberEx
EnterCriticalSection
GetACP
LocalFree
ClearCommError
GetCurrentProcessId
ResumeThread
SetEvent
EnumResourceNamesA
DeleteCriticalSection
FatalExit
CreateThread
InitializeCriticalSection
CloseHandle
CreateEventA
GetSystemTimeAsFileTime
GetVersionExA
LeaveCriticalSection

user32

wsprintfA
LoadStringA
CreateWindowExA
RegisterWindowMessageA
MonitorFromWindow
MsgWaitForMultipleObjects
PeekMessageA
GetQueueStatus
GetMessageA
DispatchMessageA
RegisterClassA
CopyRect
PostThreadMessageA
wvsprintfA
DestroyWindow

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5333e8c11366f7f953c78610b8ba8af

Headers

File Characteristics

Imports

advapi32

winmm

quartz

ole32

kernel32

user32

shell32

Sections

.text Size: 161KB - Virtual size: 160KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 24KB - Virtual size: 24KB

.lib Size: 512B - Virtual size: 220KB

.text
Size: 161KB - Virtual size: 160KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 24KB - Virtual size: 24KB

.lib
Size: 512B - Virtual size: 220KB