0c6ee00223c293933f1810b81ce6f7ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c6ee00223c293933f1810b81ce6f7ac_JaffaCakes118
Size

190KB
MD5

0c6ee00223c293933f1810b81ce6f7ac
SHA1

79ab4b94df0e60bf926c773b696c0002db57c569
SHA256

45b7178638c53c627510f068251d84d9e729b683cd6a02a7c40f2220bb0c6f16
SHA512

37e9d1c0c1a3dca4743a79c0c5561a289a06d677d7a2dd1e01d4fb7e960c11e360395d717c997ec111dd2fd98dd27b062b626e70b80857da95dd6b908aef4e44
SSDEEP

3072:LgYuCcHs4PicoNBRMpEwj3z+co7A1aeHXPCaF0kmH7d7jQRC+or/VAgcHe:nuCcM4PenCpGco81aMXPCaF0b7dnQDGd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c6ee00223c293933f1810b81ce6f7ac_JaffaCakes118

Files

0c6ee00223c293933f1810b81ce6f7ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8713c63cd335982725f40b2b8ad920b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleacc

LresultFromObject
CreateStdAccessibleObject

kernel32

GetCalendarInfoW
GetModuleFileNameW
CreateDirectoryW
RemoveDirectoryW
ReadFile
GetSystemDefaultLangID
InterlockedDecrement
EnumResourceLanguagesW
SystemTimeToFileTime
SetFileTime
GetThreadContext
DeleteFileW
FindClose
LoadLibraryW
EnumResourceNamesA
FindFirstFileW
GetLocaleInfoW
lstrcpyW
CreateFileW
GetVersion
GetCurrentProcessId
ExitProcess
SetFilePointer
MoveFileW
GetFileAttributesW
WriteFile
ConvertDefaultLocale
MultiByteToWideChar
WideCharToMultiByte
LocalFileTimeToFileTime
GetCurrentDirectoryW
FindNextFileW
GetProcAddress

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

gdi32

TextOutW
RectVisible
SetWindowExtEx
PtVisible
ScaleWindowExtEx
OffsetViewportOrgEx
GetDeviceCaps
Escape
ScaleViewportExtEx
SetViewportOrgEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetMapMode
SelectObject
DeleteDC
GetStockObject
ExtTextOutW
GetRgnBox

advapi32

RegEnumKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegQueryValueExW

user32

IsRectEmpty
CreateWindowExW
WinHelpW
InvalidateRect
GetPropW
GetClassInfoExW
RemovePropW
GetNextDlgTabItem
CopyAcceleratorTableW
SetRect
RegisterWindowMessageW
CharUpperW
GetNextDlgGroupItem
SetPropW
CharNextW
InvalidateRgn
MessageBeep
SendDlgItemMessageA
GetClassLongW
DestroyMenu

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathStripToRootW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW
PathAppendW

ole32

OleUninitialize
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoCreateInstance
OleIsCurrentClipboard
CLSIDFromProgID
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
CoGetClassObject
CoInitialize
OleInitialize
CoRevokeClassObject
OleFlushClipboard
CoUninitialize
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoTaskMemAlloc
CLSIDFromString

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8713c63cd335982725f40b2b8ad920b

Headers

File Characteristics

Imports

oleacc

kernel32

shell32

gdi32

advapi32

user32

shlwapi

ole32

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 77KB - Virtual size: 77KB

.edata Size: 1024B - Virtual size: 68KB

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 77KB - Virtual size: 77KB

.edata
Size: 1024B - Virtual size: 68KB