558cd7839a2e61ce63c20cab834f7369_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

558cd7839a2e61ce63c20cab834f7369_JaffaCakes118
Size

176KB
MD5

558cd7839a2e61ce63c20cab834f7369
SHA1

1b80157801a1b8774df306ccbcbe5b0336998ac3
SHA256

89adaedbdd45dbb1429b3f2f4a32d5fb6c5ea547b2e6d3e168d4c877ead719b7
SHA512

2ee81dd5bf1f2891e0e041a6b84122712391b69baa2d52aca39a47c3affd69267c0d0c0fc9e5f00f728a67b987722c8b7af05176685f3fe2a04cf3dae6cbe8d4
SSDEEP

3072:j4fhgzSy+5Mww0VJfJd3/uQTI+gYgvFp5:kfCzKtznh0vFp5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
558cd7839a2e61ce63c20cab834f7369_JaffaCakes118

Files

558cd7839a2e61ce63c20cab834f7369_JaffaCakes118
.exe windows:6 windows x86 arch:x86

b253da1ddf2bdc73861d2b60f054b196

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ChildWindowFromPoint
CopyAcceleratorTableW
GetWindow
EnumDisplaySettingsExW
DlgDirSelectComboBoxExA
GetOpenClipboardWindow
SetDlgItemTextW
ExcludeUpdateRgn
GetKeyState

cfgmgr32

CM_Get_Device_ID_ExW

oleaut32

VARIANT_UserFree
SysAllocStringLen

secur32

QuerySecurityContextToken

opengl32

glTexCoord2f
glGetError

comdlg32

GetOpenFileNameW

winspool.drv

DeletePrinter
EnumFormsW

shlwapi

PathIsSystemFolderW

crypt32

CryptMsgGetAndVerifySigner
CryptStringToBinaryA

imm32

ImmGetCompositionStringW

winmm

midiOutGetDevCapsA
mciGetCreatorTask

mprapi

MprConfigBufferFree

lz32

LZOpenFileW

advapi32

GetSecurityDescriptorControl
RegSaveKeyExW
SetFileSecurityW

esent

JetSetColumns

comctl32

CreateToolbarEx

gdi32

RectVisible
InvertRgn
CreateFontW
GetCharacterPlacementW
PaintRgn
EnumFontsA
EqualRgn
GetClipRgn
GetCharABCWidthsW
ExtCreateRegion
GetPixel

rpcrt4

RpcUserFree

setupapi

SetupInstallServicesFromInfSectionExW
SetupFindNextMatchLineW

powrprof

WriteGlobalPwrPolicy

winscard

SCardGetProviderIdA

kernel32

SetCurrentDirectoryW
GetNamedPipeServerProcessId
FreeConsole
PostQueuedCompletionStatus
GetCurrencyFormatW
GetCurrentConsoleFont
ResetEvent
SetCriticalSectionSpinCount
InterlockedCompareExchange
CompareStringW
FillConsoleOutputAttribute
SetTimerQueueTimer
PeekNamedPipe

ole32

GetConvertStg
OleBuildVersion
CoUnmarshalHresult

pdh

PdhEnumObjectItemsW

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b253da1ddf2bdc73861d2b60f054b196

Headers

File Characteristics

Imports

user32

cfgmgr32

oleaut32

secur32

opengl32

comdlg32

winspool.drv

shlwapi

crypt32

imm32

winmm

mprapi

lz32

advapi32

esent

comctl32

gdi32

rpcrt4

setupapi

powrprof

winscard

kernel32

ole32

pdh

Sections

.text Size: 156KB - Virtual size: 153KB

.data Size: 4KB - Virtual size: 35KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 416B

.text
Size: 156KB - Virtual size: 153KB

.data
Size: 4KB - Virtual size: 35KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 416B