0378e50ab6bf57365bdcaf7112973173_JaffaCakes118

General

Target

0378e50ab6bf57365bdcaf7112973173_JaffaCakes118
Size

393KB
MD5

0378e50ab6bf57365bdcaf7112973173
SHA1

57ee8e82fef09100c7d4db899fa76e0c849d47f1
SHA256

0bc7e3a16ae65d5e60ba185fa1c3b4f7317e07373d3e6c8642d9467a2c4c3f37
SHA512

c2cf0c4e1b22dbb090ee04751617a9f733f21bdcd8feee63ea075f80cf73a327b112c3fb183f958c23bafc8cc872a0a4c504d85b88ce8d6252a8fec54488e61a
SSDEEP

12288:HWggWIRjW3BhPRVWlidg9t6LGJdvXgCiepUDo4J+yXlrL8j00awVVZA:HWggW2jW3BhPRVWlidg9t6LGJdvXs5ck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0378e50ab6bf57365bdcaf7112973173_JaffaCakes118

Files

0378e50ab6bf57365bdcaf7112973173_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d615b7389b996bcdc00b4f2b087c91ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
GetStringTypeExA
GetEnvironmentStringsA
CreateDirectoryExA
RtlUnwind
OpenWaitableTimerA
GetModuleFileNameW
GetCurrentProcess
GetProcAddress
VirtualAlloc
WriteConsoleInputW
GetSystemDirectoryW
HeapReAlloc
EnumSystemCodePagesA
SleepEx
FormatMessageA
WriteProfileStringA
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
HeapLock
OpenEventA
GetCompressedFileSizeW
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetCalendarInfoA
ConnectNamedPipe
GetNamedPipeHandleStateW
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
GetProfileIntA
UnlockFileEx
VirtualQuery
GetCurrentThreadId
Sleep
HeapAlloc
GetProcessHeap
HeapFree
WriteFileEx

gdi32

GetClipBox
GetStretchBltMode
SetWindowExtEx
OffsetViewportOrgEx
GetTextExtentPointW
GdiPlayJournal
MaskBlt
FixBrushOrgEx
DeleteColorSpace
SetTextJustification
SetDIBColorTable
CreateFontW
SetMapMode
StrokePath
ChoosePixelFormat
GetCharWidthA
SetWinMetaFileBits
GetTextCharsetInfo
GetSystemPaletteEntries

shell32

SHGetFileInfo
SHUpdateRecycleBinIcon
DragFinish
SHFileOperationA
SHBrowseForFolderA
ShellExecuteExA
SHAddToRecentDocs
DragQueryFile
CheckEscapesW
SHGetSpecialFolderLocation
SHFileOperation
InternalExtractIconListA
ShellExecuteW
SheChangeDirA
SHFormatDrive
DragQueryPoint
SHGetInstanceExplorer

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d615b7389b996bcdc00b4f2b087c91ba

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 263KB - Virtual size: 263KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 263KB - Virtual size: 263KB

.rsrc
Size: 5KB - Virtual size: 4KB