e77afbd4ac118ac3fbdaf109cd76be06_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e77afbd4ac118ac3fbdaf109cd76be06_JaffaCakes118
Size

137KB
MD5

e77afbd4ac118ac3fbdaf109cd76be06
SHA1

e786a368a92ede73983c353c0675f24ba49b3b9e
SHA256

32abbbad62c7ce9444f26aa67250c9fe01681fdbe736eed92a1edff3d9880f33
SHA512

7672152f49e44031976e1e77e6bc43b28fe0a3c93e0f831e582d05d137f574d81c0f7ebc59a32c7b35496a1d116e79218a96161247acd53f32d45388ae5cf0dc
SSDEEP

3072:QauQU66JsL54IW9AlykyBLl/Z5vNxuwoFSM9iZ50z9v:Qw1hsAAkyRl/ZH0mkzJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e77afbd4ac118ac3fbdaf109cd76be06_JaffaCakes118

Files

e77afbd4ac118ac3fbdaf109cd76be06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

71521c66ef1cd57792e8c07e9f7725b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord3922
ord1089
ord5199
ord2396
ord5731
ord3346
ord5300
ord5302
ord4079
ord2554
ord2512
ord5289
ord5307
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord4698
ord5714
ord3831
ord3825
ord3079
ord4080
ord2976
ord4424
ord3738
ord561
ord815
ord2621
ord1134
ord3626
ord3663
ord641
ord765
ord795
ord2414
ord686
ord2725
ord5265
ord4376
ord4853
ord4998
ord3830
ord4622
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord4274
ord4486
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3571
ord3619
ord6055
ord1776
ord5290
ord3402
ord3698
ord1146
ord1168
ord384
ord567
ord2302
ord2812
ord2379
ord755
ord6880
ord3092
ord470
ord4224
ord6929
ord5953
ord6215
ord1641
ord2096
ord2859
ord3721
ord268
ord353
ord6385
ord1979
ord665
ord1567
ord2614
ord924
ord860
ord2818
ord939
ord2817
ord2764
ord540
ord800
ord825
ord6375
ord539
ord4673
ord536
ord6662
ord861
ord5572
ord2915
ord823
ord5683
ord926
ord535
ord4160
ord4202
ord941
ord2763
ord4129
ord537
ord4277
ord858
ord5280
ord3810
ord3798
ord4710
ord2514
ord2863
ord1576

msvcrt

_adjust_fdiv
__p__commode
__set_app_type
__getmainargs
_acmdln
__p__fmode
_initterm
__setusermatherr
exit
__CxxFrameHandler
vsprintf
_mbscmp
memset
_setmbcp
_CxxThrowException
wcslen
_XcptFilter
_exit
_controlfp
atoi
??1type_info@@UAE@XZ
__dllonexit
_except_handler3
?terminate@@YAXXZ
memcpy
_onexit

kernel32

LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
FindClose
CreateDirectoryA
FindFirstFileA
GetSystemDirectoryA
ExpandEnvironmentStringsA
lstrlenA
MoveFileA
LoadLibraryA
DeleteFileA
FreeLibrary
OutputDebugStringA
GetProcAddress
GetComputerNameA
GetVersionExA
GetTickCount
GetModuleFileNameA
InterlockedDecrement
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
CloseHandle
FormatMessageA

user32

GetSystemMetrics
MessageBoxA
LoadIconA
EnableWindow
LoadBitmapA
GetDC
ReleaseDC
UpdateWindow
GetClientRect
IsIconic
GetSystemMenu
ExitWindowsEx
DrawIcon
GetWindowRect
AppendMenuA
SendMessageA

gdi32

GetDeviceCaps
CreateFontA
SetPixel

advapi32

RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
InitiateSystemShutdownA
RegCloseKey
RegSetValueExA

shell32

SHFileOperationA

comctl32

ImageList_AddMasked
ImageList_GetIcon

ole32

CoInitialize
CoCreateInstance
OleRun

oleaut32

SysAllocStringByteLen
GetErrorInfo
SysFreeString
VariantInit
SysStringByteLen
VariantClear
VariantChangeType
VariantCopy
SysAllocString

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

71521c66ef1cd57792e8c07e9f7725b4

Headers

File Characteristics

Imports

shlwapi

version

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 84KB - Virtual size: 84KB