036b4392ccfd63aaa510bf7651a76faa_JaffaCakes118

General

Target

036b4392ccfd63aaa510bf7651a76faa_JaffaCakes118
Size

409KB
MD5

036b4392ccfd63aaa510bf7651a76faa
SHA1

144a329c9c45ca3e7e521f39417a263fed3b8927
SHA256

3920fdef382fbcee92aff41d41f14267d7f3e410607384dd5483927b2187b24c
SHA512

eb6404f88c4071062e3c4c6e1876f1f7536602c3baa179b706ca00811507060106532c0335a6cede9cfdfa4413781aeac4ee17bd387e8dcece5b43c8097f9836
SSDEEP

6144:4uyFUCYR6Gy8ZLdcm5jAg42562SQGOmB5KmUFQyTlzQ4LpDkRz0YFkJzeS/OXIG7:WqR6G9eyy71NUFFs4L546aSUD6KFX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036b4392ccfd63aaa510bf7651a76faa_JaffaCakes118

Files

036b4392ccfd63aaa510bf7651a76faa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3a90f072cfe4619723a12a4765c6b15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountNameA
CryptSetHashParam
RegDeleteValueA
RevertToSelf
RegLoadKeyA
CryptEnumProvidersA
StartServiceA
RegQueryInfoKeyA
CryptVerifySignatureA
RegOpenKeyW
RegQueryInfoKeyW
DuplicateToken
CryptSetProviderA
CryptDeriveKey
RegQueryValueW
CreateServiceA

comdlg32

PageSetupDlgA
ReplaceTextA
PrintDlgA
ChooseFontW
ChooseColorW
ChooseFontA
PrintDlgW
GetOpenFileNameA
GetSaveFileNameW
FindTextW
GetOpenFileNameW
PageSetupDlgW
GetFileTitleA
GetSaveFileNameA
GetFileTitleW

shell32

SHFormatDrive
ExtractIconW
SHAddToRecentDocs
ShellHookProc
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles
SHGetInstanceExplorer
ExtractAssociatedIconW
FindExecutableA
DoEnvironmentSubstA
SheGetDirA
FindExecutableW
ShellExecuteA
SHFreeNameMappings
SHGetSettings
SHBrowseForFolderA

gdi32

SetBoundsRect
GetBkMode
GetDeviceGammaRamp
GetLayout
SwapBuffers
CreateMetaFileA
GetMetaFileW
CreatePolyPolygonRgn
GetClipBox
SelectPalette
SetMapperFlags
SetPolyFillMode
GetICMProfileW
SetBkColor
MaskBlt
CreateDCA
OffsetClipRgn
GetTextCharsetInfo

kernel32

GetModuleHandleA
GetCurrentThreadId
VirtualAlloc
GetModuleFileNameA
TerminateProcess
VirtualQuery
HeapFree
ExitProcess
GetFileSize
InterlockedExchange
RtlUnwind
GetCurrentProcessId
GetCurrentProcess
QueryPerformanceCounter
HeapAlloc
HeapReAlloc
GetTickCount
GetProcAddress
LoadLibraryA
GetSystemTimeAsFileTime

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3a90f072cfe4619723a12a4765c6b15

Headers

File Characteristics

Imports

advapi32

comdlg32

shell32

gdi32

kernel32

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 264KB - Virtual size: 264KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 12KB - Virtual size: 12KB