17f4696334102301e497770aae319f07_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17f4696334102301e497770aae319f07_JaffaCakes118
Size

645KB
MD5

17f4696334102301e497770aae319f07
SHA1

0ae87e945c0d892c45ed402ed0a9062725f850ce
SHA256

3939951fe99643e85d62c37002ba063231ade4d5da3aecbcaee1b6aa6eb97169
SHA512

e740d35ff23dd744a75becea039c4291b3d2eef9c06e8204f99b83ea48f0b8ea4e1260deebf9235a6153490e9a4ee5af1dd7e6b07cf5a8e81135f642cf1919f2
SSDEEP

1536:eXw1nEm4hKLVftcVIepIUkcr7Om/N5M+ist4MjW6OaCGlww34ShWhPeLJa2:LnEm4wLhqty6L/tjWZaCNAZLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17f4696334102301e497770aae319f07_JaffaCakes118

Files

17f4696334102301e497770aae319f07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0daf2f31a491744296bae952b5f074f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingA
CreateToolhelp32Snapshot
GetModuleHandleA
WaitForSingleObject
LoadModule
FindResourceA
GetDateFormatW
LoadLibraryA
ExitProcess
GetWindowsDirectoryA
WriteProcessMemory
CreateRemoteThread
GetModuleFileNameA
CloseHandle
GetTimeFormatW
GetUserDefaultLCID
Process32Next
Process32First
ExitProcess
CreateProcessA
OpenProcess
CreateFileMappingW
ReadProcessMemory
GetCurrentProcess
FileTimeToSystemTime
FindResourceExW
GetVersion
GetProcAddress
GetSystemDirectoryA
GetCommandLineW

user32

GetMessageA
GetClipboardOwner
TranslateMessage
UpdateWindow
DefWindowProcA
DispatchMessageA
DdeFreeDataHandle
CreateWindowExA
RegisterClassExA
ShowWindow
DeleteMenu

advapi32

CryptSetKeyParam
RegLoadKeyA
QueryServiceStatus
DeleteService
RegDeleteKeyA
CryptSetProvParam
RegEnumKeyExW
SetSecurityDescriptorControl
InitiateSystemShutdownA
ReportEventW
CloseServiceHandle
QueryServiceConfigA
EnumDependentServicesA
CryptExportKey
SetThreadToken
DuplicateTokenEx
GetTraceEnableFlags
SetFileSecurityA
RegConnectRegistryW
GetNamedSecurityInfoW

shell32

DllGetClassObject
StrCmpNA
SHAddToRecentDocs
StrChrA
DragQueryFileA
SHGetFolderPathA
SheSetCurDrive
ShellExecuteA
DragQueryPoint
ExtractIconExW
SHGetDataFromIDListW
ShellExecuteExW
SHFileOperationA
StrRChrIA
SHGetDesktopFolder

gdi32

CreateFontIndirectA
GetWorldTransform
GetWinMetaFileBits
GetCharWidthW
EnumFontsW
GetCharABCWidthsW
Ellipse
GetLayout
CloseFigure
EnumFontFamiliesW
SetMapperFlags
GetViewportOrgEx
PolyDraw
SetLayout

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 436KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0daf2f31a491744296bae952b5f074f7

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

gdi32

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 436KB - Virtual size: 436KB

.idata Size: 84KB - Virtual size: 84KB

.rdata Size: 4KB - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 4KB

.adata Size: - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 436KB - Virtual size: 436KB

.idata
Size: 84KB - Virtual size: 84KB

.rdata
Size: 4KB - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 4KB

.adata
Size: - Virtual size: 4KB