f36d06253da95d2b508aad9ccfac3873_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f36d06253da95d2b508aad9ccfac3873_JaffaCakes118
Size

179KB
MD5

f36d06253da95d2b508aad9ccfac3873
SHA1

d5bac4098ba1aa2cca0ed821f3a76c3707b850f6
SHA256

bbf4a56cb1b76340c0d3c3e304ed7620f2a830f161dd589f59f65e4cb16f8a62
SHA512

a8f870325e1b1b058746598e1a792172083a796549e33fff339dbf9c600eb36bbbe027bcf3c74c6169f2e7fa77e240b4cafc6ee826afa468ddb4108c4d92a532
SSDEEP

3072:tzAEpMDC6u6r4NMFQ0TJoUq4Ehk1CQs3+d1UDEjksCfyv0MSi56+X/B/Pd7ROdh:tJy3u6r4YTJdq5m1f1mEjksixMSmLNO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f36d06253da95d2b508aad9ccfac3873_JaffaCakes118

Files

f36d06253da95d2b508aad9ccfac3873_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a15774353c5f540984913f7239d35b4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

PostThreadMessageA
MonitorFromWindow
RegisterClassA
GetMessageA
wvsprintfA
RegisterWindowMessageA
LoadStringA
PeekMessageA
DispatchMessageA
MsgWaitForMultipleObjects
wsprintfA
CreateWindowExA
CopyRect
GetQueueStatus
DestroyWindow

shell32

SHGetSpecialFolderPathA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegSetValueA
RegQueryValueExA
RegCreateKeyA
RegOpenKeyExA
RegEnumKeyExA

quartz

AMGetErrorTextW

kernel32

WideCharToMultiByte
GetTapeParameters
GetThreadPriority
SetEvent
SetThreadPriority
GetCurrentThread
HeapFree
GetExitCodeThread
CreateMutexA
GetLastError
CreateThread
VirtualAlloc
LoadLibraryA
ReleaseMutex
DisableThreadLibraryCalls
lstrlenA
Sleep
GetModuleFileNameW
GetSystemInfo
GetCurrentProcessId
ClearCommError
LocalFree
ResumeThread
LoadResource
GetACP
IsBadReadPtr
FreeLibrary
MultiByteToWideChar
EnumResourceNamesA
GetSystemTimeAsFileTime
IsBadWritePtr
LeaveCriticalSection
GetSystemTime
LoadLibraryW
CreateFileW
TerminateThread
WaitForSingleObject
InterlockedIncrement
GetVersionExA
FatalExit
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
GetTickCount
InitializeCriticalSection
GetProcAddress
EnterCriticalSection
CreateEventA
GetCurrentThreadId
LockResource
FindResourceA
GlobalAlloc
VirtualFree
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
ResetEvent
QueryPerformanceCounter
GetProcessHeap
CloseHandle
ExitProcess

ole32

StringFromGUID2
CLSIDFromString
CreateItemMoniker
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoFreeUnusedLibraries
CoInitializeEx
GetRunningObjectTable
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
CoTaskMemAlloc

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeEndPeriod

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a15774353c5f540984913f7239d35b4e

Headers

File Characteristics

Imports

user32

shell32

advapi32

quartz

kernel32

ole32

winmm

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 46KB - Virtual size: 45KB

.lib Size: 512B - Virtual size: 232KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 46KB - Virtual size: 45KB

.lib
Size: 512B - Virtual size: 232KB