e82be27b49da6e2b58b60935e2db8bb2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e82be27b49da6e2b58b60935e2db8bb2_JaffaCakes118
Size

132KB
MD5

e82be27b49da6e2b58b60935e2db8bb2
SHA1

5848eae866f8449689ef4bfa6127bdd9218d06ff
SHA256

47dd5f6f4963e89450606a901b9977d0b34eaf3c1648dd8eb84bcd82634b61f1
SHA512

215838e5c6b9345c0972791a1fa59fde49a7cb1b14ffcec503ccefdaa0cf07aa0f05774ca385d30e73ec4754da8806596a22eeeed48026e5a369906393ecf4b8
SSDEEP

3072:xh2G9gKdIBs0qMnUm94ifhN6vfEXWJxi2zVZuH4Vd:xeKZS9rr6kG/PpZuq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e82be27b49da6e2b58b60935e2db8bb2_JaffaCakes118

Files

e82be27b49da6e2b58b60935e2db8bb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

918e303cc724faa1b12e88879f707761

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__set_app_type
__p__commode
_acmdln
_adjust_fdiv
_initterm
isdigit
log10
floor
_controlfp
_except_handler3
__setusermatherr
__p__fmode
__getmainargs
wcscmp
exit
swprintf
_XcptFilter

kernel32

GetSystemDirectoryW
CreateProcessW
GetTickCount
IsValidCodePage
VirtualQuery
GetStartupInfoA
VirtualProtect
GetOEMCP
lstrlenW
GetModuleHandleA
InterlockedDecrement

version

GetFileVersionInfoW
GetFileVersionInfoSizeA
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeW
VerLanguageNameA
VerQueryValueA
VerInstallFileA

advapi32

EqualSid
RegCreateKeyExW
RegCreateKeyA
RegQueryValueExW
GetSecurityDescriptorDacl
RegEnumValueW
RegDeleteValueA
DeregisterEventSource
RegDeleteKeyA
RegFlushKey

comctl32

DestroyPropertySheetPage
ImageList_SetBkColor
ImageList_Remove
CreateToolbarEx
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_DragEnter
ImageList_DrawEx

ole32

CoTaskMemFree
RegisterDragDrop
StringFromCLSID
CoRevokeClassObject
CoRegisterClassObject
OleRun
PropVariantClear
StgOpenStorageOnILockBytes
OleGetClipboard
CLSIDFromString

oleaut32

CreateErrorInfo
SysStringByteLen
SafeArrayPtrOfIndex
SafeArrayPutElement
GetActiveObject
SafeArrayGetUBound
GetErrorInfo
SysStringLen
SafeArrayUnaccessData
SysFreeString
VariantCopyInd

user32

OpenClipboard
ShowWindow
DestroyMenu
ScreenToClient
EnumWindows
GetSysColor
GetWindowLongA
InvalidateRect

gdi32

CopyMetaFileW
Pie
GetDeviceCaps
PolyDraw
SelectClipRgn
GetObjectW

shell32

SHGetSpecialFolderPathA
DragAcceptFiles
DragQueryFile
SHBindToParent
SHGetSettings
SHGetSpecialFolderLocation
SHAddToRecentDocs

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

918e303cc724faa1b12e88879f707761

Headers

File Characteristics

Imports

msvcrt

kernel32

version

advapi32

comctl32

ole32

oleaut32

user32

gdi32

shell32

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 18KB - Virtual size: 41KB

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 18KB - Virtual size: 41KB

.rsrc
Size: 92KB - Virtual size: 91KB