15097b47b04ecb08e011b15c1d7f627c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15097b47b04ecb08e011b15c1d7f627c_JaffaCakes118
Size

226KB
MD5

15097b47b04ecb08e011b15c1d7f627c
SHA1

f5bb5d62e0321ca80ee2457068f06ce333f8731c
SHA256

06b9a1e2ff9c9eb4ed73108357c0d5bc5e7610cff161c0f68133a44c1fcb463c
SHA512

edb217c7230f43d3493eb4ce417049dd3ec32176f93cdc62aaa4ea9198f752a2a735d826ddfa6c1ddb9c76f64e6cf37b44864f6adbf20b1fcafa8324aef14043
SSDEEP

3072:2smYNLZQFKO6Y7J60efBCWYZ8Y1MaFt3uLaqSPg/vywWXtkHKwD86OBechyqCFvF:2smpgAeIWIziyVgSMWiKwPUtCO3t3h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15097b47b04ecb08e011b15c1d7f627c_JaffaCakes118

Files

15097b47b04ecb08e011b15c1d7f627c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6d1e628eddedfc60caf1fac9805bcea1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

dbghdapi

_LDtest
_FCosh
_FDenorm
_Getctype
_Dtest
_Denorm
_Stod
_Dscale
_Eps
_Inf
_Getcvt
_Poly

gdi32

GetTextFaceW
SaveDC
EnumFontsW
EnumObjects
OffsetRgn
CreatePalette
DeleteMetaFile
GetTextCharsetInfo
GetClipBox
SetRectRgn
Escape
GetSystemPaletteEntries
Polygon
SetBkMode
CreateCompatibleBitmap
StretchDIBits

kernel32

ReadFile
GetModuleHandleW
GlobalReAlloc
LockFile
GetStringTypeW
GetVersion
UnlockFile
VirtualAllocEx
WriteFile
GetCurrentThreadId
InterlockedExchange
QueryPerformanceCounter
GetFileAttributesW
SetFilePointer
GetVolumeInformationW
InterlockedDecrement
FreeLibrary
GetModuleFileNameW
GlobalLock
LockResource
SleepEx
GetLocalTime
UnhandledExceptionFilter
SizeofResource
FindFirstFileW
GlobalFree
GlobalUnlock
GetUserDefaultLCID
TerminateProcess
CloseHandle
LoadResource
MulDiv
SetErrorMode
LocalAlloc
GetPriorityClass

ole32

OleCreateMenuDescriptor
ReleaseStgMedium
OleCreateLinkFromData
CoRegisterClassObject
CoInitialize
CreateItemMoniker
OleSave
StgOpenStorage
CoRevokeClassObject
ProgIDFromCLSID

ntdll

NtSetInformationThread
NtOpenEventPair

user32

RegisterWindowMessageA
LoadIconW
IsIconic
GetTopWindow
ValidateRect
IsZoomed
PtInRect
GetDoubleClickTime
OpenClipboard
GetKeyboardLayout
InvalidateRgn
IsWindowVisible
CreateCaret
CreateMenu
DrawMenuBar
SetMessageQueue
HideCaret
RegisterClassW
SetFocus
GetParent
GetCaretPos
MessageBoxA
DestroyCaret
GetFocus
ReleaseCapture
SendMessageW
GetIconInfo
SetScrollRange
DrawTextA
PostQuitMessage
ScreenToClient
EnumThreadWindows
DefWindowProcW
GetWindowPlacement
RegisterClassExW
SetWindowsHookExW
DispatchMessageW
IsClipboardFormatAvailable
CallWindowProcW
MonitorFromRect

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d1e628eddedfc60caf1fac9805bcea1

Headers

DLL Characteristics

File Characteristics

Imports

dbghdapi

gdi32

kernel32

ole32

ntdll

user32

Sections

.text Size: 72KB - Virtual size: 72KB

.data Size: 121KB - Virtual size: 120KB

.rsrc Size: 32KB - Virtual size: 36KB

.text
Size: 72KB - Virtual size: 72KB

.data
Size: 121KB - Virtual size: 120KB

.rsrc
Size: 32KB - Virtual size: 36KB