048e350880fee4adbd3623f9d58436c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

048e350880fee4adbd3623f9d58436c9_JaffaCakes118
Size

136KB
MD5

048e350880fee4adbd3623f9d58436c9
SHA1

61797db81711f0f72cbcd3c625966a3894f5054f
SHA256

920382f0d1c9eed36d085bbe8b8a9e89a61bf6083a20eedade5f0d0446f7b229
SHA512

8de2aad0d780eb51a54f9d83b97c2fef4c0c7b2845e296adcbdd775eda2eacd93e0fa133d730905d31db8df072148478373a6292bac402780d224b7a56115ef9
SSDEEP

3072:kUbELSdZwYENbVz/X0sNkikuJaGO+RkSA81TRbEDGF:djgNEuIG/C3CGDI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048e350880fee4adbd3623f9d58436c9_JaffaCakes118

Files

048e350880fee4adbd3623f9d58436c9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b64fb67c83805650d5e2c4a44023734e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
RaiseException
WaitForSingleObject
GetSystemDefaultLCID
SetFileAttributesA
lstrlenW
InterlockedExchange
GetStringTypeA
GetFileAttributesA
SetHandleCount
GetStartupInfoA
VirtualProtect
DeviceIoControl

msvcrt

__getmainargs
__setusermatherr
localeconv
_ultoa
_wcslwr
strchr
__p__fmode
_acmdln
wcscat
_adjust_fdiv
log
_XcptFilter
srand
exit
_vsnwprintf
_initterm
isleadbyte
_filelengthi64
_dup2
__p__commode
__set_app_type
_except_handler3

user32

LoadStringA
PostQuitMessage
SendDlgItemMessageA
FindWindowA
SetCapture
FillRect
GetWindowTextA
GetScrollInfo
GetCursorPos
EnumWindows
DrawFrameControl

ole32

CoUninitialize
CoRevokeClassObject
CreateBindCtx
ReleaseStgMedium
StgCreateDocfileOnILockBytes
OleUninitialize
OleGetClipboard
CoDisconnectObject
OleRun
StringFromGUID2

comctl32

ImageList_GetIconSize
ImageList_GetBkColor
ImageList_Add
DestroyPropertySheetPage
ImageList_SetDragCursorImage
ImageList_EndDrag
CreatePropertySheetPageW
InitCommonControlsEx

oleaut32

SafeArrayGetUBound
SafeArrayPutElement
SysReAllocStringLen
LoadTypeLib
CreateErrorInfo
VariantClear
VariantCopyInd
SafeArrayCreate
SafeArrayUnaccessData
SetErrorInfo

gdi32

SelectPalette
Rectangle
DeleteEnhMetaFile
IntersectClipRect
GetViewportOrgEx

version

VerQueryValueW
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoW
VerLanguageNameA
GetFileVersionInfoSizeW

advapi32

OpenSCManagerW
EqualSid
RegCreateKeyExA
RegEnumValueW
RevertToSelf
QueryServiceStatus
LookupPrivilegeValueA
CryptAcquireContextA
CryptHashData
AllocateAndInitializeSid
RegOpenKeyExA

shell32

SHAddToRecentDocs
SHBrowseForFolder
DragQueryFile
SHGetPathFromIDList
SHGetFolderPathA
ExtractIconA
SHGetSpecialFolderPathW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b64fb67c83805650d5e2c4a44023734e

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

ole32

comctl32

oleaut32

gdi32

version

advapi32

shell32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 49KB - Virtual size: 48KB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 22KB - Virtual size: 21KB