f38eebcad01b5efdea7f375312c0d7d6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f38eebcad01b5efdea7f375312c0d7d6_JaffaCakes118
Size

171KB
MD5

f38eebcad01b5efdea7f375312c0d7d6
SHA1

d0abe954cf115803297eb7648ce952c329330355
SHA256

88577ee59308011b5298d9909419069336fe147b24ecf865fd92b09db2be9938
SHA512

a5ab021bcabc64990332aa91bce77500a1e414768411b5919dd4997f3158d551599b3f2cfa7ada2bd9e36aa436553f908c9d14f9ecbf8c5a7911ef85f1dec99f
SSDEEP

3072:FyO/+o4M/YIn3l36DgSVwcmlq4xy+qvh/8xIA:rHfn3FZSNutxdQh/A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f38eebcad01b5efdea7f375312c0d7d6_JaffaCakes118

Files

f38eebcad01b5efdea7f375312c0d7d6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd5fc8d24dd175c0f7604c910db2a2ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCompactPathW
PathIsUNCW

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW

mpr

WNetGetUniversalNameW

avifil32

EditStreamSetInfoA

ntdll

RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlAllocateAndInitializeSid
RtlUnicodeStringToInteger

msvcrt

_wcsnicmp
__RTDynamicCast
_adjust_fdiv
free
wcslen
_purecall
wcschr
_vsnwprintf
swscanf
__CxxFrameHandler
wcscmp
_wcsicmp
malloc
__dllonexit
_initterm
_onexit
_except_handler3
wcsrchr
wcsstr

ole32

StringFromGUID2
CoCreateInstance
CoInitialize
ReleaseStgMedium
CoGetInterceptor
StringFromCLSID
CoSetProxyBlanket
CoGetMalloc
CoTaskMemFree
CreateStreamOnHGlobal

atl

AtlModuleGetClassObject

user32

LoadStringW
SetWindowsHookExW
IsWindowVisible
SetCursor
EnableWindow
LoadBitmapW
ScreenToClient
SendMessageW
GetClientRect
RegisterClipboardFormatW
GetParent
GetWindowRect
LoadCursorW
MessageBeep
CallNextHookEx
MessageBoxW
SetParent
WinHelpW
UnhookWindowsHookEx

kernel32

Sleep
LoadLibraryA
WriteFile
QueryPerformanceCounter
GetLastError
GetProcAddress
GetVersion
ExpandEnvironmentStringsW
GetPrivateProfileSectionW
GetFileAttributesW
GlobalFree
CloseHandle
GetCurrentThreadId
GetPrivateProfileSectionNamesW
CreateFileW
LocalFree
lstrlenW
CompareStringW
InitializeCriticalSection
TerminateProcess
VirtualAlloc
GetModuleFileNameW
GlobalUnlock
InterlockedIncrement
LoadLibraryW
lstrcmpiW
GetCurrentProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LocalAlloc
WritePrivateProfileStringW
FormatMessageW
UnhandledExceptionFilter
CreateDirectoryW
GetFileAttributesExW
GetModuleHandleA
GetTickCount
GetCurrentProcessId
DeleteCriticalSection
GetModuleHandleW
GetPrivateProfileStringW
GlobalAlloc
OutputDebugStringA
WritePrivateProfileSectionW
SetLastError
GlobalLock

Sections

.text
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 848KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd5fc8d24dd175c0f7604c910db2a2ba

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

shell32

mpr

avifil32

ntdll

msvcrt

ole32

atl

user32

kernel32

Sections

.text Size: 512B - Virtual size: 416B

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 15KB - Virtual size: 848KB

.rsrc Size: 16KB - Virtual size: 16KB

.idata Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 512B - Virtual size: 416B

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 15KB - Virtual size: 848KB

.rsrc
Size: 16KB - Virtual size: 16KB

.idata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 28B