Static task
static1
Behavioral task
behavioral1
Sample
1bde8e8bface95d77b2ef7445554a3bf_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
1bde8e8bface95d77b2ef7445554a3bf_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
1bde8e8bface95d77b2ef7445554a3bf_JaffaCakes118
Size
82KB
MD5
1bde8e8bface95d77b2ef7445554a3bf
SHA1
50e65bf2d164d9c6f609d1a81f48c64b4d26362a
SHA256
a4a1f7beeda7fbd3cc1ee71eeae61cc386b6f8665ec96626452e4d7eb01e33ab
SHA512
6d813c287d7c758b22a8e64aee9926b78d55eef28a3fae8e518d381736123fcd393c149063cf79a9b6c98ccacf5493401fe717eb7c7d3f8045e2494fe521073a
SSDEEP
1536:PB6JosneEMgS6qtoY9NfA8pn+w0+HmNxks7tjJ4ic2OmqVzMDoAaBKs81Ca/:PByPLsFdHn+wBHmnF7NJ4i1kVzMDEBKh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1bde8e8bface95d77b2ef7445554a3bf_JaffaCakes118
Files
1bde8e8bface95d77b2ef7445554a3bf_JaffaCakes118.exe windows:4 windows x86 arch:x86
6de6eb41c6b0ec158f6f51663b7c386d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetScrollPos
EnumWindows
SetWindowTextA
EqualRect
SetWindowPos
EnableMenuItem
GetMessageA
GetSysColorBrush
UnhookWindowsHookEx
FrameRect
GetSubMenu
GetSysColor
PostQuitMessage
kernel32
GetCurrentProcessId
GetFileAttributesA
VirtualAllocEx
ExitProcess
GetTempPathA
GetThreadLocale
QueryPerformanceCounter
RtlUnwind
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetSystemTime
InterlockedExchange
GetTimeZoneInformation
GetStartupInfoA
GetOEMCP
gdi32
GetMapMode
DPtoLP
SetViewportExtEx
ExcludeClipRect
CopyEnhMetaFileA
CreateICW
FillRgn
SelectClipPath
CreateCompatibleBitmap
ole32
DoDragDrop
StringFromGUID2
CoCreateInstance
CoInitialize
StgOpenStorage
OleRun
CoTaskMemRealloc
CoRevokeClassObject
CoInitializeSecurity
advapi32
RegCreateKeyExW
RegQueryValueExW
RegCreateKeyA
AdjustTokenPrivileges
CheckTokenMembership
GetSecurityDescriptorDacl
GetUserNameA
FreeSid
CryptHashData
QueryServiceStatus
msvcrt
iswspace
strcspn
__getmainargs
_CIpow
puts
signal
fflush
__initenv
_strdup
fprintf
strncpy
raise
__setusermatherr
_fdopen
_mbscmp
_flsbuf
_lock
strlen
comctl32
ImageList_GetBkColor
ImageList_DrawEx
InitCommonControls
ImageList_LoadImageW
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_LoadImageA
ImageList_GetIcon
CreatePropertySheetPageA
ImageList_DragEnter
ImageList_Destroy
ImageList_Write
shell32
DragQueryFileW
SHBrowseForFolderA
ShellExecuteW
DoEnvironmentSubstW
SHGetPathFromIDList
DragAcceptFiles
DragQueryFileA
ShellExecuteEx
ExtractIconW
CommandLineToArgvW
ExtractIconExW
oleaut32
SafeArrayRedim
SysReAllocStringLen
SafeArrayPutElement
VariantCopy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPtrOfIndex
SafeArrayGetUBound
Sections
.text Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE