e939e37c68188b52a6e14cc4f831ddd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e939e37c68188b52a6e14cc4f831ddd0_JaffaCakes118
Size

109KB
MD5

e939e37c68188b52a6e14cc4f831ddd0
SHA1

9159676b6c61363197de5539c6c12bc7caffc04f
SHA256

94e2ffb52e90a40eefc36e88afdf1c7434e6252c593abf3e49c61ae87a4eee07
SHA512

5321f516c4608aabba41491a8d2fafc6945cb3a69ad5e4f10b79909a5dfbb8d35612e343951ee35e0ab35ec6e2a537c63d697f4c1694cf4d03c02f5914f4bbbe
SSDEEP

1536:/Sp2jfkxB7/5CkpAWz3XjJVZHoGru86efIyRhI02zz6NlQeksDQNrZDd0EEVebkb:WuEYkO83zJDdx2zPekdZDdsVebk/NPJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e939e37c68188b52a6e14cc4f831ddd0_JaffaCakes118

Files

e939e37c68188b52a6e14cc4f831ddd0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6c00905fc4e70d7a8a545470b00dc377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrRChrW
PathSkipRootW
StrToIntW
wnsprintfA
PathIsRootW
UrlCanonicalizeW
PathIsUNCW
PathFindExtensionA
StrDupW
SHDeleteValueA
PathCombineW
PathAppendW
AssocQueryStringW
StrToIntExW
PathAddBackslashW
StrRetToBufW
UrlIsW
SHDeleteValueW
StrStrIA
SHSetValueW
PathFindFileNameA
SHDeleteKeyA
StrStrW
PathFileExistsW
StrCatW
StrCmpNIA
StrChrW
StrCpyNW
StrTrimW
StrCatBuffW
PathFindExtensionW
SHGetValueW
UrlUnescapeW

rpcrt4

RpcServerRegisterAuthInfoW
NdrDllCanUnloadNow
RpcBindingToStringBindingW
UuidToStringA
NdrDllRegisterProxy
RpcBindingSetAuthInfoW
NdrCStdStubBuffer_Release
RpcBindingSetAuthInfoExW
RpcImpersonateClient
RpcEpResolveBinding
CStdStubBuffer_IsIIDSupported
RpcStringFreeW
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_QueryInterface
RpcRaiseException
CStdStubBuffer_AddRef
RpcStringBindingParseW
IUnknown_Release_Proxy
UuidToStringW
NdrDllGetClassObject
CStdStubBuffer_Disconnect
NdrOleAllocate
RpcStringBindingComposeW
NdrClientCall2
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy

kernel32

OpenProcess
IsDBCSLeadByte
lstrcpynA
GetModuleFileNameW
GetUserDefaultLCID
FormatMessageW
RaiseException
DisableThreadLibraryCalls
GetFileSize
DeleteFileW
ExitProcess
GetModuleHandleW
SetEvent
VirtualAllocEx
GetModuleHandleA
SetLastError
LeaveCriticalSection
FlushFileBuffers
LoadLibraryA
TlsFree
Sleep
LoadResource
lstrcpynW
GetLocaleInfoW
GetFileAttributesW
TlsSetValue
GetCurrentDirectoryW

ole32

CoMarshalInterThreadInterfaceInStream
ReleaseStgMedium
CoRevokeClassObject
StgIsStorageFile
CoImpersonateClient
OleSaveToStream
StringFromCLSID
CoInitializeSecurity
ProgIDFromCLSID
CoGetObjectContext
OleLoadFromStream
PropVariantCopy
CoGetClassObject
MkParseDisplayName
CreateStreamOnHGlobal
CoGetMalloc
CoInitialize
CoTaskMemFree
CoCreateInstance
CoUnmarshalInterface
CoRegisterClassObject
StgCreateDocfileOnILockBytes
CoMarshalInterface
CLSIDFromProgID
CoCreateFreeThreadedMarshaler
CoReleaseMarshalData
CreateBindCtx
CoFreeUnusedLibraries
OleRegEnumVerbs
CoCreateGuid
CoTaskMemRealloc
OleRegGetUserType
CoTaskMemAlloc
OleRegGetMiscStatus

user32

ExitWindowsEx
GetWindowDC
GetCapture
SendMessageW
EndPaint
ReleaseDC
MessageBeep
LoadIconA
LoadIconW
EnumChildWindows
RegisterClassExW
CallWindowProcA
GetSysColorBrush
UpdateWindow
IsWindow
SetWindowLongA
GetWindowRect
RegisterClassExA
SystemParametersInfoA
GetSubMenu
GetKeyState
GetDC
GetSystemMetrics
FindWindowW
EndDialog
WinHelpW
LoadBitmapW
GetWindowLongW
GetPropA
GetSysColor
PostMessageA
GetWindow
CallNextHookEx
GetDlgItemTextA
FindWindowA
MapWindowPoints
GetAncestor
SetRect
RegisterClipboardFormatW

msvcrt

fseek
wcsrchr
printf
_isatty
_CxxThrowException
memset
__p__osver
_controlfp
memcpy
_XcptFilter
wcslen
_stat
_wcslwr
__p__iob
??2@YAPAXI@Z
exit
_chsize
_rotr
_ultoa
wcsncmp
strlen
wcstoul
wcscat
_wcsdup
_wcsupr
_lock
wcscspn
wcschr
strncmp
__wgetmainargs
malloc
_ftol
toupper
??3@YAXPAX@Z
isspace
wcstok
_itow
_snwprintf
towlower
time
_rotl
_beginthreadex
wcscpy
rand
_ltoa
calloc
srand

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 26KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 33KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c00905fc4e70d7a8a545470b00dc377

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

rpcrt4

kernel32

ole32

user32

msvcrt

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 19KB - Virtual size: 22KB

.idata Size: 26KB - Virtual size: 31KB

.bdata Size: 33KB - Virtual size: 40KB

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 19KB - Virtual size: 22KB

.idata
Size: 26KB - Virtual size: 31KB

.bdata
Size: 33KB - Virtual size: 40KB