Static task: static1
Behavioral task: behavioral1
Sample: 1b6606be4ce422310d954ca0de294bea_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 1b6606be4ce422310d954ca0de294bea_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 1b6606be4ce422310d954ca0de294bea_JaffaCakes118
Size: 78KB
MD5: 1b6606be4ce422310d954ca0de294bea
SHA1: ae356255ec3c49e197d334fa13ff7d29bcf1d889
SHA256: 46c120ce98637ba79499d2742f3ab1f620e54259db69cb2f70bdd6adc3b4a3b8
SHA512: 0b3cabfcf7e3e17f2a46402ad8a12d1dc62c9771b3a40d757c41b79c6cc3db40e7dcae62baa7d2a99f729debee9eed8929fbcdaf91075ca90e3d8365ffdfe0cd
SSDEEP: 1536:CiVXnB6wl4blsUyItq6p4jB6xQM/5u9lNg6NRmwzd53BSLovrKloorTKEoiCk:VXB6+4bndqJK/5u9lNg6rd7SLovAosTp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1b6606be4ce422310d954ca0de294bea_JaffaCakes118
Files
1b6606be4ce422310d954ca0de294bea_JaffaCakes118.exe windows:4 windows x86 arch:x86
d2ef9f7bf5c8a73aa02700a5bc78c796
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
EnumWindows
FrameRect
GetMessageA
UnhookWindowsHookEx
GetSysColor
EqualRect
EnableMenuItem
SetWindowTextA
GetSysColorBrush
PostQuitMessage
SetWindowPos
GetSubMenu
GetScrollPos
kernel32
SetUnhandledExceptionFilter
GetTickCount
FileTimeToSystemTime
GetCurrentProcessId
VirtualAllocEx
GetSystemTime
RtlUnwind
ExitProcess
GetOEMCP
InterlockedExchange
QueryPerformanceCounter
GetFileAttributesA
GetTempPathA
GetThreadLocale
GetTimeZoneInformation
GetStartupInfoA
gdi32
CreateCompatibleBitmap
CreateICW
GetMapMode
DPtoLP
FillRgn
ExcludeClipRect
CopyEnhMetaFileA
SetViewportExtEx
SelectClipPath
ole32
CoCreateInstance
DoDragDrop
CoInitialize
CoInitializeSecurity
CoRevokeClassObject
OleRun
CoTaskMemRealloc
StgOpenStorage
StringFromGUID2
advapi32
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
CryptHashData
QueryServiceStatus
RegCreateKeyA
GetUserNameA
RegQueryValueExW
RegCreateKeyExW
GetSecurityDescriptorDacl
msvcrt
__getmainargs
strcspn
puts
__setusermatherr
_mbscmp
_strdup
__initenv
strlen
_lock
_CIpow
fprintf
_flsbuf
_fdopen
strncpy
fflush
iswspace
signal
raise
comctl32
ImageList_Write
ImageList_LoadImageA
ImageList_GetIcon
ImageList_LoadImageW
CreatePropertySheetPageA
ImageList_GetIconSize
ImageList_SetIconSize
InitCommonControls
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetBkColor
ImageList_DragEnter
ImageList_DrawEx
shell32
ShellExecuteEx
DragQueryFileA
DragAcceptFiles
CommandLineToArgvW
ShellExecuteW
DoEnvironmentSubstW
SHGetPathFromIDList
ExtractIconW
DragQueryFileW
ExtractIconExW
SHBrowseForFolderA
oleaut32
SafeArrayRedim
SafeArrayPutElement
SafeArrayGetUBound
VariantCopy
SysReAllocStringLen
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPtrOfIndex
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ