1ad70921e383a8b97696c72c8d948d57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1ad70921e383a8b97696c72c8d948d57_JaffaCakes118
Size

48KB
MD5

1ad70921e383a8b97696c72c8d948d57
SHA1

9c999e4a524bd0895302377693deb91241c378f5
SHA256

db5238154e628b2c73611c140559478d526d96f9a314b5d0fe19ec4874fbc554
SHA512

97a27f0b0ea3e9ff3b1635b18b16c37c2d30d68f79d5fe7f55f27d366d7371ed3510bdf3928d092f0a3f7c35064553e8122b2d4d0abdb7511bcb05d45ab80062
SSDEEP

384:Pct8ydex2Z+Mm7LFcOX8OuCo/LtynQCkKxysHNPf+MWn8Rl+pohvDUDr:kaydDM7FcQ8XtCLFZ+/n8H+po9D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ad70921e383a8b97696c72c8d948d57_JaffaCakes118

Files

1ad70921e383a8b97696c72c8d948d57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0d4391a31ab77bf6ae71c146247b884a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpA
MultiByteToWideChar
MoveFileExA
TerminateProcess
OpenProcess
GetVersion
SetErrorMode
GetFullPathNameA
GetCurrentDirectoryA
GetSystemDirectoryA
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
WriteFile
RtlUnwind
GetFileType
GetStdHandle
CopyFileA
GetWindowsDirectoryA
GetVersionExA
LocalAlloc
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
LCMapStringW
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetCurrentProcess
ExitProcess
Sleep
HeapAlloc
HeapFree
GetDriveTypeA

user32

SetWindowTextA
PeekMessageA
DispatchMessageA
TranslateMessage
OemToCharA
CharPrevA
MessageBoxA
CharNextA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegSetValueExA
OpenSCManagerA
OpenServiceA
StartServiceA
CloseServiceHandle
ControlService

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msuilstf

FDoDialogExt
FKillNDialogs

msinsstf

FInitializeInstall
FCreateProgManGroup
TerminateInstall
ProSetPos
FAddToBillboardList
GrcCopyFilesInCopyList
FCreateProgManItem
ResetCopyList
FShowProgManGroup

msshlstf

InitializeFrame
FSetBitmap
HwndFrame
FSetSymbolValue
HShowWaitCursor
FRestoreCursor
TerminateFrame
HinstFrame

mscomstf

DoMsgBox
FValidDir
FOpenInf
CbGetSymbolValue
FAddSectionFilesToCopyList

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d4391a31ab77bf6ae71c146247b884a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msuilstf

msinsstf

msshlstf

mscomstf

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 16B