eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118
Size

2.2MB
MD5

eb1a9295b13583f1d12db61027e72fa3
SHA1

a44c8f2bdc54110ce7d295bb0b92a0212177dd77
SHA256

bcbc3eac0f777f27bdacb1cdade005bf50860fded0fa39205a66f5c9560ab80e
SHA512

f94100cd6099376120677f51ed2b8c0438302f844a54f598a9675dc5c7486e6ae30b41e12ffeae51941c17e9438f293d3de2992c0cdc6a601ffa778a273e1365
SSDEEP

49152:p0Wr2+2NRopvMx5qqLDp2iOzouQs6wt1rp9X/M:WwkkEx5VDOzrQs6EvNk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118

Files

eb1a9295b13583f1d12db61027e72fa3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

42d1000f47661a2cccd16f6b79ecaeff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

StrStrIA
StrStrA
StrChrA

kernel32

lstrcmpA
AllocConsole
GetStdHandle
WriteFile
WriteConsoleA
ReadFile
ReadConsoleA
MultiByteToWideChar
HeapFree
lstrcmpiA
WideCharToMultiByte
HeapAlloc
SetConsoleMode
GetConsoleMode
GetLastError
ExitProcess
Sleep
CreateThread
GetTimeFormatA
CloseHandle
CreateEventA
GetSystemDefaultLCID
SizeofResource
LockResource
LoadResource
FindResourceA
lstrlenA
ReadConsoleInputA
lstrcatA
RemoveDirectoryA
DeleteFileA
GetCommandLineA
lstrcatW
GetModuleFileNameA
CreateFileA
CreateDirectoryA
GetFileAttributesA
WaitForSingleObject
SetConsoleCursorPosition
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
PeekNamedPipe
lstrlenW
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GetVersion
GetExitCodeProcess
TerminateProcess
GetTickCount
SetCurrentDirectoryA
GetTempPathA
GetCurrentDirectoryA
ExpandEnvironmentStringsA
lstrcmpW
GetProcessHeap
lstrcpyA
GetModuleHandleA
IsProcessorFeaturePresent

user32

MessageBoxA
GetForegroundWindow
IsCharAlphaNumericA
CharLowerA
DialogBoxParamA
GetDlgItemTextA
EndDialog
GetParent
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
LoadStringA
SetDlgItemTextA
GetDlgItem
SetFocus
wsprintfA
CharToOemA

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW

ole32

CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoGetObject
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantTimeToSystemTime
VarBstrFromCy
VarBstrFromR4
VarBstrFromR8
VarBstrFromDec
SafeArrayUnaccessData
SysFreeString
VariantInit
SysAllocString
DispInvoke
DispGetIDsOfNames
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
LoadTypeLi
SafeArrayAccessData

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42d1000f47661a2cccd16f6b79ecaeff

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 16KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 2.2MB - Virtual size: 2.2MB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 16KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 2.2MB - Virtual size: 2.2MB