21d1e44630eae3e2685f869ec69d30b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21d1e44630eae3e2685f869ec69d30b1_JaffaCakes118
Size

200KB
MD5

21d1e44630eae3e2685f869ec69d30b1
SHA1

8d8ed75b14014cd2167819143ddd20e6f1af3389
SHA256

495a6bb846043fccd77af4bed5d33d79184ee1b5cbbd2162387972177d02ddd7
SHA512

7e4a54eac2810f9d2c02273711bfa569658100c575ac41c707bedfe56842b02c73e325d670c67850398102b06a32fa3096d1b8ac05f6c77815cf42eb6f618c77
SSDEEP

3072:4uv8PPrY4J6MVp9h34L3fn/pAg6EiU0vvVdtwNfBFQ30gGlmK1C3lJkS14UJam:4uUPPjJ6M9ovnOkiU0vvOVc0mH4Q4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21d1e44630eae3e2685f869ec69d30b1_JaffaCakes118

Files

21d1e44630eae3e2685f869ec69d30b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e393f7319ae63c5eb3932845bcd84f62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegOpenKeyA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

user32

MoveWindow
SetCursor
ReleaseDC
IsWindow
GetWindowInfo
ReleaseCapture
SetWindowPos
LoadCursorA
FillRect
GetDC
GetSysColor
GetDlgItem
SetWindowLongA
GetWindowLongA
SetCapture

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

gdi32

CreateRectRgn
SetTextColor
SetBkMode
BitBlt
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectA
DeleteObject
GetDeviceCaps
DeleteMetaFile
CreateCompatibleDC
RestoreDC
SaveDC
GetTextExtentPoint32A
SelectObject
EnumFontFamiliesExA
TextOutA
Rectangle
CreateFontIndirectA
CreateCompatibleBitmap

kernel32

SetTapePosition
Sleep
ClearCommError
GetLocalTime
GetVersion
FindClose
EnumResourceNamesA
InterlockedExchange
FatalExit
GetWindowsDirectoryA
GetCurrentProcessId
FindFirstFileA

oleacc

LresultFromObject
CreateStdAccessibleObject

winmm

mciSendCommandA
sndPlaySoundA

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e393f7319ae63c5eb3932845bcd84f62

Headers

File Characteristics

Imports

advapi32

ole32

version

user32

shell32

gdi32

kernel32

oleacc

winmm

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 24KB - Virtual size: 24KB

.lib Size: 512B - Virtual size: 100KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 24KB - Virtual size: 24KB

.lib
Size: 512B - Virtual size: 100KB