JaffaCakes118_3b802162de054fe6889dfa567c43691d

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_3b802162de054fe6889dfa567c43691d
Size

166KB
MD5

3b802162de054fe6889dfa567c43691d
SHA1

94a294d1a3d67e45810eec9777348dcc6e650148
SHA256

10de2fe57f2435582ea17de1d1627f36685075f49c1f27ded8154a7809bf6db5
SHA512

586434ab829201e03e29f8ceb8a41bffbd3c8d991200c8e4ae5f54e3cb4dcdd5d9dba960af190ac11380fca323140ce316da8dc222b189c7551521a6b9d4467c
SSDEEP

3072:U6ghSvEwWNbTQ8E9JMc73TTUFHTBVMN2q7O0OsfGibYH0+45YPY:UXIvEwDh/373kd7M8q7O0OUUOQY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_3b802162de054fe6889dfa567c43691d

Files

JaffaCakes118_3b802162de054fe6889dfa567c43691d
.exe windows:4 windows x86 arch:x86

f9648ffe37960c2481fb751f20f57f35

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

IsBadReadPtr
HeapFree
ResetEvent
LoadResource
IsBadWritePtr
lstrlenA
GetProcAddress
GetTapeParameters
LockResource
VirtualFree
InterlockedIncrement
CreateEventA
GetSystemTimeAsFileTime
ClearCommError
GetProcessHeap
SetEvent
GetModuleFileNameA
EnterCriticalSection
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
GetTickCount
CloseHandle
EnumResourceNamesA
Sleep
VirtualAlloc
QueryPerformanceCounter
CreateFileW
WaitForSingleObject
GetModuleFileNameW
TerminateThread
ReleaseMutex
LeaveCriticalSection
WaitForMultipleObjects
LoadLibraryA
CreateThread
MultiByteToWideChar
CreateMutexA
GetCurrentThreadId
GetThreadPriority
FindResourceA
LocalFree
ResumeThread
FatalExit
GetVersionExA
GetCurrentProcessId
GetSystemInfo
WideCharToMultiByte
GetCurrentThread
InterlockedDecrement
ReleaseSemaphore
GlobalAlloc
CreateSemaphoreA
LoadLibraryW
GetSystemTime
FreeLibrary
GetLastError
GetACP
SetThreadPriority
ExitProcess

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

shell32

SHGetSpecialFolderPathA

quartz

AMGetErrorTextW

user32

RegisterClassA
wvsprintfA
CreateWindowExA
wsprintfA
RegisterWindowMessageA
CopyRect
LoadStringA
PostThreadMessageA
MsgWaitForMultipleObjects
GetMessageA
MonitorFromWindow
PeekMessageA
GetQueueStatus
DispatchMessageA
DestroyWindow

ole32

CLSIDFromString
StringFromCLSID
CoFreeUnusedLibraries
StringFromGUID2
CreateStreamOnHGlobal
CoRegisterClassObject
CreateItemMoniker
CoInitialize
CoUninitialize
CoRevokeClassObject
CoTaskMemFree
CoInitializeEx
CoCreateInstance
GetRunningObjectTable
CoTaskMemAlloc

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyA
RegQueryValueExA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyExA

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9648ffe37960c2481fb751f20f57f35

Headers

File Characteristics

Imports

kernel32

winmm

shell32

quartz

user32

ole32

advapi32

Sections

.text Size: 111KB - Virtual size: 110KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 50KB - Virtual size: 50KB

.lib Size: 512B - Virtual size: 92KB

.text
Size: 111KB - Virtual size: 110KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 50KB - Virtual size: 50KB

.lib
Size: 512B - Virtual size: 92KB