f8efca2f9b6b0e0d175ef29eceb248b1_JaffaCakes118

General

Target

f8efca2f9b6b0e0d175ef29eceb248b1_JaffaCakes118
Size

403KB
MD5

f8efca2f9b6b0e0d175ef29eceb248b1
SHA1

67cfa6895ada0eb79580a6802dfc5bc882869d69
SHA256

5577b4ee7385f163aac447ae5e5b05208d5d5e4c0cbaf8afbbe2517360e0c098
SHA512

546ff0c62d795c156af71261c931546f6869601e3ec1779f9ee72f60c430c897ed94ffdcbd96a6d20062973b1ea5f742c8b2a96c0de01290b3741d71fbd5341f
SSDEEP

6144:rNOqSs9AFh4d8jBT96QCqySlgvnEMw9/9z4yCqaTsqjs:fA37oZq3lMENv4q2sq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8efca2f9b6b0e0d175ef29eceb248b1_JaffaCakes118

Files

f8efca2f9b6b0e0d175ef29eceb248b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4c1bc074f351c02fe2d719c5de8cf20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractIconW
ExtractAssociatedIconExW
SHLoadInProc
SHFormatDrive
ShellHookProc
DoEnvironmentSubstA
RealShellExecuteExW
SHAppBarMessage
SHChangeNotify
SHGetDesktopFolder
ShellExecuteEx
SheSetCurDrive
SHEmptyRecycleBinA
SheGetDirA
SHQueryRecycleBinA
SHGetDiskFreeSpaceA
SHAddToRecentDocs
SHGetFileInfoW
SHGetInstanceExplorer
DragQueryFileA

comdlg32

GetSaveFileNameA
ChooseFontA
GetOpenFileNameW

user32

UpdateWindow
MapVirtualKeyA
DdeGetLastError
DrawTextA
GetCursorPos
SendMessageA
LoadImageW

gdi32

SetPixelV
GetEnhMetaFileBits
TextOutW
CreateDIBPatternBrush
StartDocA
GetBitmapDimensionEx
CreateFontW
GetKerningPairs
CreatePalette
EnumMetaFile
ResizePalette
GetTextCharsetInfo
EnableEUDC
PolyPolygon
PlayEnhMetaFile
GetPath
GetTextFaceW
ResetDCW
GetPaletteEntries
Escape
FillRgn
GetObjectType

kernel32

QueryPerformanceCounter
HeapReAlloc
CreateProcessW
VirtualAlloc
GetCurrentProcess
InterlockedExchange
GetModuleHandleA
GetModuleFileNameA
GetCurrentThreadId
GlobalAddAtomW
GetTickCount
HeapFree
GetProcAddress
TerminateProcess
RtlUnwind
EnumSystemLocalesW
GetSystemTimeAsFileTime
ExitProcess
LoadLibraryA
VirtualQuery
GetCurrentProcessId
SetComputerNameA
HeapAlloc

advapi32

CryptHashData
CryptEncrypt
RegCreateKeyExA

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4c1bc074f351c02fe2d719c5de8cf20

Headers

File Characteristics

Imports

shell32

comdlg32

user32

gdi32

kernel32

advapi32

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 264KB - Virtual size: 264KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 8KB - Virtual size: 7KB