Static task
static1
Behavioral task
behavioral1
Sample
08402161ae2252c52d71614216887d8b_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
08402161ae2252c52d71614216887d8b_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: 08402161ae2252c52d71614216887d8b_JaffaCakes118
Size: 83KB
MD5: 08402161ae2252c52d71614216887d8b
SHA1: 1d7c31ca8e833b93ba5c743bc8a5c2bb0d308c97
SHA256: 638ca79ce78b274e181036e0a4352c3041c7dc427091c2b80ad0fa034254a8a4
SHA512: 500cbbb553e5366ebc8d7ddc2b6150bb8b9fcd11bea77ad6e8e0a9dd3182acd441d5d3f6f5ecd68d809426b6c145ef77cf862d21f48a37fb66826bbbc0ad5ada
SSDEEP: 1536:Y2/92ujfq3+4JuHrZavkXtWJWfswk8AhRzbjx9vhC53FouLPLZyI7nDj/AWk3:Y2/kujfq3NSav2tRwzvz598RFZXZyI7g
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 08402161ae2252c52d71614216887d8b_JaffaCakes118
Files
08402161ae2252c52d71614216887d8b_JaffaCakes118.exe windows:4 windows x86 arch:x86
d4a0a3f75a5dacaa3b665d56c8ff7bc6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetScrollPos
GetMessageA
EnableMenuItem
FrameRect
EnumWindows
PostQuitMessage
SetWindowPos
EqualRect
SetWindowTextA
GetSubMenu
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
kernel32
GetThreadLocale
GetCurrentProcessId
VirtualAllocEx
InterlockedExchange
GetFileAttributesA
GetTempPathA
GetSystemTime
SetUnhandledExceptionFilter
GetACP
QueryPerformanceCounter
GetTickCount
RtlUnwind
GetOEMCP
FileTimeToSystemTime
GetStartupInfoA
GetTimeZoneInformation
ExitProcess
gdi32
GetMapMode
FillRgn
SelectClipPath
SetViewportExtEx
CreateICW
ExcludeClipRect
DPtoLP
CopyEnhMetaFileA
CreateCompatibleBitmap
ole32
CoRevokeClassObject
StgOpenStorage
CoInitialize
CoTaskMemRealloc
DoDragDrop
CoInitializeSecurity
CoCreateInstance
OleRun
StringFromGUID2
advapi32
RegCreateKeyExW
CheckTokenMembership
GetSecurityDescriptorDacl
RegCreateKeyA
AdjustTokenPrivileges
QueryServiceStatus
RegQueryValueExW
CryptHashData
GetUserNameA
FreeSid
msvcrt
_fdopen
_strdup
fflush
_lock
_CIpow
signal
__initenv
_flsbuf
iswspace
fprintf
_mbscmp
__setusermatherr
puts
strcspn
strlen
__getmainargs
strncpy
raise
comctl32
ImageList_GetIcon
ImageList_LoadImageW
InitCommonControls
ImageList_GetIconSize
ImageList_LoadImageA
ImageList_Write
ImageList_DragEnter
ImageList_Destroy
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetBkColor
ImageList_SetIconSize
shell32
DragAcceptFiles
SHBrowseForFolderA
ExtractIconExW
DragQueryFileW
DoEnvironmentSubstW
CommandLineToArgvW
DragQueryFileA
ExtractIconW
SHGetPathFromIDList
ShellExecuteW
ShellExecuteEx
oleaut32
SafeArrayPtrOfIndex
VariantCopy
SafeArrayCreate
SafeArrayPutElement
SysReAllocStringLen
SafeArrayRedim
SafeArrayGetUBound
SafeArrayUnaccessData
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
eatbzsh Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE