JaffaCakes118_0543787dff2a1dc592f34387ba65acda

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0543787dff2a1dc592f34387ba65acda
Size

304KB
MD5

0543787dff2a1dc592f34387ba65acda
SHA1

1ed6ac566b472625fadf92b277672c491ddc5835
SHA256

1d03ad9d6dd870842efcc6a6eba4c109c6169b08f5acb5aa01fb9ecc14146931
SHA512

c0e5ae87859e546dd89ac6d6e193d64adf786537cd776cf46d157496af0055ce27f56348847f2989f7e65f9cb13f7a9fe82644e69d8ff8445f60b321e1a42451
SSDEEP

6144:UvvjEGrfvjyQ/MkL2DxOJrdHNzgedbHuLJ7gcEW67/Pi:mrfvjh/nSxOJrt9dzuL5g5RHi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0543787dff2a1dc592f34387ba65acda

Files

JaffaCakes118_0543787dff2a1dc592f34387ba65acda
.exe windows:5 windows x86 arch:x86

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoUninitialize
CoInitialize

msvcrt

_strupr
vsprintf
ctime
_purecall
malloc
swprintf
wcsstr
_errno
__CxxFrameHandler
strncpy
memcpy
sprintf
memmove
_splitpath
fread
fprintf
free
srand
fseek
_amsg_exit
fopen
calloc
memset
ftell
time
_snprintf
printf
localtime
_XcptFilter
strstr
strncmp
toupper
_stricmp
fflush
wcsncpy
fclose
_initterm
rand
_wcsicmp
_CxxThrowException

kernel32

QueryDosDeviceA
GetCurrentThreadId
DuplicateHandle
GetFileTime
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
GetFileSize
ReadFile
GetFullPathNameA
DeleteFileA
VirtualFree
SystemTimeToFileTime
GetTimeZoneInformation
OutputDebugStringA
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
EnterCriticalSection
DeviceIoControl
FindNextFileA
FileTimeToSystemTime
CreateFileA
VirtualAlloc
CloseHandle
UnhandledExceptionFilter
CreateEventA
WriteFile
FreeLibrary
SetUnhandledExceptionFilter
CreateThread
FindClose
GetLogicalDrives
ResetEvent
DeleteCriticalSection
IsBadCodePtr
FindFirstFileA
GetSystemTime
GetModuleHandleA
RtlUnwind
VirtualAllocEx

atmlib

ATMFinish
ATMGetNtmFields
ATMGetBuildStr
ATMInstallSubstFontW
ATMGetFontInfoW
ATMGetVersionEx
ATMRemoveSubstFontA
ATMProperlyLoaded
ATMMakePFMW
ATMGetOutlineA
ATMBBoxBaseXYShowTextA
ATMXYShowTextA

psbase

SPSetProvParam
SPCloseItem
SPGetProvInfo

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

Imports

user32

advapi32

ole32

msvcrt

kernel32

atmlib

psbase

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 274KB - Virtual size: 1.3MB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 274KB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 5KB