17794e7f8de9864e56ce3f3e8f69180a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17794e7f8de9864e56ce3f3e8f69180a_JaffaCakes118
Size

91KB
MD5

17794e7f8de9864e56ce3f3e8f69180a
SHA1

465f422578628cbde1c3bd95190ec84e2068d614
SHA256

eaf10f3b57b888c8c3094addedd56dc903ba0efdb0941d87bc578e674ae1190e
SHA512

c556217716a6ed04a839d2ad588f256c0cdcdbe1da622fc168293cb4b776717f758269735220e15830aa816e6dc26bb69ddec04b11589ea8d1f0d64f1332ad3a
SSDEEP

1536:qNzWXji+aCmV/N0MheldOXzEnq/CbKDYR4XbuVPZyV2j4cFj+tkyfYm0:qZQO+XmVSd8zJ2KE+CVhyV2kcFj+tk2i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17794e7f8de9864e56ce3f3e8f69180a_JaffaCakes118

Files

17794e7f8de9864e56ce3f3e8f69180a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4bbc14a62104e4b351e7b4d2493f49a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteW
ShellAboutW

gdiplus

GdipIsVisiblePoint
GdipGetVisibleClipBounds
GdipNewPrivateFontCollection
GdipAddPathRectangles
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromFileICM
GdipIsClipEmpty
GdipAddPathClosedCurve
GdipWarpPath
GdipAddPathRectangle
GdipAddPathClosedCurve2
GdipReversePath
GdipNewInstalledFontCollection

kernel32

GlobalReAlloc
LocalSize
FatalExit
GlobalHandle
GlobalMemoryStatusEx
GetLogicalDrives
LockFile
GetCommProperties
EscapeCommFunction
WaitNamedPipeW
GetFileAttributesW
CopyFileA
HeapReAlloc
HeapAlloc
GetModuleHandleExW
CloseHandle
LocalUnlock
GlobalFix
GetNativeSystemInfo
SetLocalTime
HeapFree
SignalObjectAndWait
VirtualFreeEx
GetOverlappedResult
GetCPInfoExW
GetProcAddress
VirtualAllocEx

user32

GetWindowRgnBox
GetMessageW
GetMessageExtraInfo
SetMessageExtraInfo
ValidateRect
RegisterHotKey
SetMessageQueue
ExcludeUpdateRgn
UnregisterHotKey
RedrawWindow
ScrollWindow
SetScrollPos
InvalidateRect
ScrollDC

advapi32

InitiateSystemShutdownW
RegConnectRegistryA
RegNotifyChangeKeyValue
RevertToSelf
RegOpenKeyExA
OpenServiceW
GetUserNameW
OpenSCManagerW
OpenThreadToken

Exports

Exports

_CloseDrive@8
_NewDevice@8
_RefreshWindow@4

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bbc14a62104e4b351e7b4d2493f49a9

Headers

DLL Characteristics

File Characteristics

Imports

shell32

gdiplus

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 160B

.pdata Size: 512B - Virtual size: 512B

.rsrc Size: 80KB - Virtual size: 79KB

.reloc Size: 512B - Virtual size: 306B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 160B

.pdata
Size: 512B - Virtual size: 512B

.rsrc
Size: 80KB - Virtual size: 79KB

.reloc
Size: 512B - Virtual size: 306B