JaffaCakes118_06677a3069694ad4c03eadadec47e73f

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_06677a3069694ad4c03eadadec47e73f
Size

189KB
MD5

06677a3069694ad4c03eadadec47e73f
SHA1

542361f7fa71c178c460cf250ca7d5b78fab39ca
SHA256

6efd01f0da975719a5571e59b6aef98c2122c3c869f2953a64ba3346bd9f8e49
SHA512

158015ce139af9486e1a186b85c320000d7a5b9cd60772667f8544e1747307e78cf5461a1072c6d866a36a20b1b4e0524f6205f99223729555339b10cc79a70d
SSDEEP

3072:cS6p+c/8cBCwrQlxCoSs2o/olv4PK9Xj8+q5pWiwO749/HZPWp1kMtnTHyYADL:o+aaw3s8t4C9YpWiwO749PO1k0yD/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_06677a3069694ad4c03eadadec47e73f

Files

JaffaCakes118_06677a3069694ad4c03eadadec47e73f
.exe windows:4 windows x86 arch:x86

dbdc9cf125b4908e9a7956ece939c7ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeGetDevCaps
timeGetTime
timeBeginPeriod
timeEndPeriod

kernel32

GetTickCount
GetModuleFileNameA
LocalFree
LockResource
GetProcAddress
DisableThreadLibraryCalls
FindResourceA
CreateEventA
GetTapeParameters
GetModuleFileNameW
IsBadReadPtr
GetSystemTimeAsFileTime
LoadResource
CreateThread
ClearCommError
GetCurrentProcessId
SetThreadPriority
InitializeCriticalSection
GetVersionExA
HeapFree
ReleaseMutex
LoadLibraryW
InterlockedDecrement
ResumeThread
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
lstrlenA
LeaveCriticalSection
LoadLibraryA
SetEvent
GetThreadPriority
IsBadWritePtr
EnumResourceNamesA
GetLastError
CreateFileW
GetProcessHeap
TerminateThread
VirtualFree
MultiByteToWideChar
FatalExit
EnterCriticalSection
QueryPerformanceCounter
CloseHandle
GlobalAlloc
GetSystemInfo
GetCurrentThread
InterlockedIncrement
CreateMutexA
GetSystemTime
Sleep
WaitForSingleObject
WideCharToMultiByte
FreeLibrary
DeleteCriticalSection
VirtualAlloc
WaitForMultipleObjects
GetACP
GetExitCodeThread
GetCurrentThreadId
ExitProcess

ole32

CoFreeUnusedLibraries
CoCreateInstance
CreateStreamOnHGlobal
CoRevokeClassObject
CLSIDFromString
CoRegisterClassObject
CoUninitialize
StringFromGUID2
GetRunningObjectTable
StringFromCLSID
CoInitializeEx
CoInitialize
CoTaskMemFree
CreateItemMoniker
CoTaskMemAlloc

advapi32

RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegSetValueA
RegCreateKeyExA
RegCloseKey
RegEnumKeyExA

user32

wvsprintfA
CreateWindowExA
LoadStringA
RegisterWindowMessageA
PostThreadMessageA
wsprintfA
GetQueueStatus
MonitorFromWindow
DispatchMessageA
RegisterClassA
MsgWaitForMultipleObjects
GetMessageA
CopyRect
PeekMessageA
DestroyWindow

shell32

SHGetSpecialFolderPathA

quartz

AMGetErrorTextW

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbdc9cf125b4908e9a7956ece939c7ac

Headers

File Characteristics

Imports

winmm

kernel32

ole32

advapi32

user32

shell32

quartz

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 58KB - Virtual size: 58KB

.lib Size: 512B - Virtual size: 112KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 58KB - Virtual size: 58KB

.lib
Size: 512B - Virtual size: 112KB