81ae92669839137a7de49b6872daa37d_JaffaCakes118

General

Target

81ae92669839137a7de49b6872daa37d_JaffaCakes118
Size

654KB
MD5

81ae92669839137a7de49b6872daa37d
SHA1

af8ab62f0ebbcbedd84cca0b9cf6165b9725ef31
SHA256

f944d2b340a8df7242cbbf322e75c16ee2aa6f0e1f0b2d10d4277dc3e27ee3e0
SHA512

cc56ef7001c1698e65e4879a7390fc2c6c3e21fd52862d9fa160481f4f5e6544c5521f9c58eeb892fb71616ea07d87d44ff21289f6d143d38997668943937bd3
SSDEEP

12288:xaKuja/wopOUfqz+KIYIjiE1mym8tQedUSdEX05G0:xijao0LqgjihyT20g0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81ae92669839137a7de49b6872daa37d_JaffaCakes118

Files

81ae92669839137a7de49b6872daa37d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f13b1fe29c1915757f4f8668fd03fde1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSaveKeyA
RegRestoreKeyA
RegEnumKeyA
RegCreateKeyExA
RegReplaceKeyA
RegDeleteTreeA
RegUnLoadKeyA
LogonUserA
CryptSignHashA
ClearEventLogW
OpenEventLogA
RegOpenKeyA
RegDeleteValueW

shell32

SHGetFileInfoW
Shell_NotifyIconA
SHFree
ExtractIconW
SHDefExtractIconA
FindExecutableW
StrStrA
StrRChrA
DragQueryFileW
ShellAboutA
SHGetFolderPathW

shlwapi

UrlIsA
UrlCompareA
PathIsURLW
PathCommonPrefixA
UrlIsOpaqueW
UrlHashW
UrlIsNoHistoryW
PathCompactPathW
UrlGetPartW
PathCombineA
UrlGetLocationA
UrlEscapeA
PathIsRootA
UrlCanonicalizeA

authz

AuthzFreeResourceManager
AuthzFreeAuditEvent

ctl3d32

Ctl3dUnregister
Ctl3dGetVer
Ctl3dEnabled

kernel32

DeleteFileW
LoadLibraryA
GetProcAddress
GetCurrentProcess
GetCommandLineA
WaitForSingleObject
CreateJobObjectA
OpenJobObjectA
WaitNamedPipeW
InterlockedExchange
GetTickCount
OpenMutexA
FindNextFileA
MoveFileExA
LoadLibraryExW

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f13b1fe29c1915757f4f8668fd03fde1

Headers

File Characteristics

Imports

advapi32

shell32

shlwapi

authz

ctl3d32

kernel32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 34KB - Virtual size: 33KB

.rsrc Size: 566KB - Virtual size: 566KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 34KB - Virtual size: 33KB

.rsrc
Size: 566KB - Virtual size: 566KB