89dd9f2ae5996d56b23c19171be18e05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89dd9f2ae5996d56b23c19171be18e05_JaffaCakes118
Size

2.8MB
MD5

89dd9f2ae5996d56b23c19171be18e05
SHA1

23b939be954d932ad33df99cdb607efbfe8b916d
SHA256

98f3d12a192c23abd973d8fe6fda228781cb17bad93d5784e57b6f9a9b8cfd11
SHA512

6926f3b9ff918e1aa6be69b768fc4962c2ce1c92e2699cd40cfd8ff105b268c26b04680144c69d7fe20604dda5aad9dec66f8b81f9aa0efe6b6a71dcbb95a3d9
SSDEEP

24576:H4d0p/KHNo93hO602mE1lTUOHovVSn1+mMKuHM:H4dCCaj19nLu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89dd9f2ae5996d56b23c19171be18e05_JaffaCakes118

Files

89dd9f2ae5996d56b23c19171be18e05_JaffaCakes118
.exe windows:5 windows x86 arch:x86

36ad1fca620445cf63d39f9237d949a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

CommDlgExtendedError
PrintDlgW
ReplaceTextW
GetOpenFileNameW

comctl32

ImageList_LoadImageW
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17
InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_DrawIndirect
ImageList_GetIcon
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_GetDragImage
ImageList_Read
ImageList_GetIconSize
ImageList_GetImageInfo
CreateToolbarEx
CreateStatusWindowW
FlatSB_GetScrollInfo

oleaut32

SafeArrayGetElement
SafeArrayPtrOfIndex
VariantInit
VarI4FromStr
SafeArrayUnaccessData
VarBstrFromBool
VarBoolFromStr
VarNeg
VarNot
SafeArrayGetLBound
VarCyFromStr
SafeArrayCreate

msvcrt

memset

mpr

WNetGetResourceInformationW

shlwapi

PathCombineW
PathFileExistsW
StrRChrW
StrDupW
PathFindExtensionW
PathFindFileNameW
PathGetDriveNumberW
PathIsDirectoryW
PathIsRootW
PathIsNetworkPathW
SHAutoComplete
SHDeleteEmptyKeyW
PathCreateFromUrlW
UrlIsW
PathStripPathW
PathRemoveFileSpecW
PathParseIconLocationW
SHStrDupW
PathIsUNCServerW

kernel32

MultiByteToWideChar
GetOEMCP
GetFileAttributesW
GetFullPathNameW
GetStartupInfoW
CreateProcessW
LoadLibraryExW
lstrlenW
UnmapViewOfFile
FileTimeToSystemTime
GetLocalTime
MulDiv
CloseHandle
GetConsoleWindow
SetFilePointer
SetEndOfFile
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
VirtualAlloc
LocalSize
LocalAlloc
GlobalFree
GlobalUnlock
GlobalLock
GetProcAddress
WideCharToMultiByte

user32

GetSubMenu
DdeCmpStringHandles
DrawAnimatedRects
RegisterClassExW
GetDlgItemInt
CallMsgFilterW
DdeUninitialize
FindWindowExW

winspool.drv

FindClosePrinterChangeNotification

Sections

.text
Size: 2.8MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 64.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ad1fca620445cf63d39f9237d949a5

Headers

File Characteristics

Imports

comdlg32

comctl32

oleaut32

msvcrt

mpr

shlwapi

kernel32

user32

winspool.drv

Sections

.text Size: 2.8MB - Virtual size: 2.7MB

.data Size: 1024B - Virtual size: 64.8MB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 13KB - Virtual size: 16KB

.text
Size: 2.8MB - Virtual size: 2.7MB

.data
Size: 1024B - Virtual size: 64.8MB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 13KB - Virtual size: 16KB