509ef49ddbfc25859089f0171ad62d04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

509ef49ddbfc25859089f0171ad62d04_JaffaCakes118
Size

2.5MB
MD5

509ef49ddbfc25859089f0171ad62d04
SHA1

221b1cf6dbf7bdfeb2517b20f49872c6aa0289db
SHA256

cb57229a47e41ebf163af7cd0da9a84ed60fa953f21ef5ca2408beae42d6026c
SHA512

d7f7c4e60d59b0d5b9eb48f6347da094262bb4185bb2db2f051bcf0945a39fa4dec6bd1d97109aeb3ecd86c3ecdfd29a1822ff9c7d8fdce2a5f78e26db9d1a13
SSDEEP

24576:RdiWVlXKsnu8mW5TPZUYLhMWjxUTfhum7LtlgKqQmQnES5pRgKxSA/L0XOb:CWV9KolYzTgOTUD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
509ef49ddbfc25859089f0171ad62d04_JaffaCakes118

Files

509ef49ddbfc25859089f0171ad62d04_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dd035fcc245c69b56dbaa0e9068cc5c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SetErrorInfo
VarBstrFromBool
VarBstrFromCy
VarCyFromStr
VariantChangeType
VariantCopyInd
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysStringLen
SysReAllocStringLen
SysAllocStringLen

kernel32

WaitForMultipleObjects
LoadResource
GetFileType
GetLastError
WaitCommEvent
GetSystemTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
DosDateTimeToFileTime
lstrcmpiW
CreateEventW
LoadLibraryExW
GetModuleHandleW
FindResourceW
GetTempPathW
CancelIo
BuildCommDCBAndTimeoutsW
CompareStringW
IsValidLocale
EnumSystemLocalesW
GetCurrentThreadId
ExitProcess
GetCurrentProcessId
HeapFree
VirtualAlloc
LocalSize
LocalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalFlags
GlobalAlloc
GetProcAddress
CloseHandle
GetStartupInfoW

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
memset
__setusermatherr
_controlfp

advapi32

RegDeleteValueW
RegOpenKeyExW

comctl32

InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Read
ImageList_DragMove
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_DrawIndirect
ImageList_Write
CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx
ImageList_Create
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_SetOverlayImage
ImageList_Draw
ImageList_Replace
ImageList_Remove

mpr

WNetGetConnectionW

user32

CreatePopupMenu
GetWindowInfo
ToAsciiEx
InSendMessageEx

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd035fcc245c69b56dbaa0e9068cc5c5

Headers

File Characteristics

Imports

oleaut32

kernel32

msvcrt

advapi32

comctl32

mpr

user32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.data Size: 1024B - Virtual size: 5.7MB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 14KB - Virtual size: 17KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 1024B - Virtual size: 5.7MB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 14KB - Virtual size: 17KB