240d64be27cc170666c238202e93267f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

240d64be27cc170666c238202e93267f_JaffaCakes118
Size

324KB
MD5

240d64be27cc170666c238202e93267f
SHA1

c531c5dc8777c5073ade1610170224d8bbcf0dcb
SHA256

77b74990e8e75baa5d2bb6fa3c3d073301491e64ac5939bc899de3b9299aa1d0
SHA512

f1bfdf3a6f334d2deae9553ab6a601d0a30cbdcb86b0ea3eb05ab3255a65ecc5abe3f80affe87812288d8c6d7e748d4fb94eb8126447488ed8af9057e39cd20d
SSDEEP

6144:rCdXfzuY1Q+BlqUqhJ8kWTn4KThCO9yG5PBpj5bzuPGRPRT4bAwx:rKLBQcldqhPWr4Q4wCPGRPWAwx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
240d64be27cc170666c238202e93267f_JaffaCakes118

Files

240d64be27cc170666c238202e93267f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e7ba98aa0a011fd6d19191370a4fe8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
SetVolumeLabelA
GetTapeParameters
GetModuleHandleA
GetOverlappedResult
GetComputerNameW
IsBadStringPtrA
GetTimeZoneInformation
PrepareTape
SetTimeZoneInformation
GetDriveTypeA
GetProfileStringA
GetBinaryTypeW
MultiByteToWideChar
VirtualUnlock
SetConsoleOutputCP
SetupComm
_hread
ExitProcess
CreateFileW
SetEndOfFile
GetConsoleMode
CreateDirectoryExA
PulseEvent
WritePrivateProfileSectionW
GetConsoleCursorInfo
GetCommModemStatus
SetEnvironmentVariableW
SetNamedPipeHandleState
GetStartupInfoA
FindFirstFileA
SetStdHandle
VirtualQuery
WriteConsoleOutputCharacterA
ReadFile
GetShortPathNameW
CompareStringA
PeekNamedPipe
GetDiskFreeSpaceExA
VirtualLock
GetCurrentProcess
VirtualProtect
GetVersionExA
AllocConsole
GetSystemTimeAdjustment
FindNextChangeNotification
GetDriveTypeW
ReleaseSemaphore
RaiseException
SizeofResource
SetMailslotInfo
GetEnvironmentStringsW
EnumDateFormatsW
CreateMutexA
QueryDosDeviceA
SetHandleCount
RemoveDirectoryW
GetCommandLineA

user32

SendMessageA
RegisterClassA
RemovePropA
SetClassLongA

gdi32

StrokePath
GetROP2
SetAbortProc
GetOutlineTextMetricsW
OffsetWindowOrgEx
DeleteMetaFile
CreateDIBSection

comdlg32

GetSaveFileNameW

advapi32

GetUserNameW
ImpersonateNamedPipeClient
GetServiceDisplayNameW
RegSetValueExW
LookupPrivilegeNameA
RegEnumKeyA

shell32

Shell_NotifyIconW
Shell_NotifyIconA
SHChangeNotify
FindExecutableA
SHGetSpecialFolderPathA

ole32

StgCreateStorageEx
CoCreateInstanceEx
CoGetClassObject
StgSetTimes

oleaut32

SafeArrayGetLBound
SafeArrayGetElement
VariantChangeType
SafeArrayPutElement
SysStringLen
SafeArrayRedim
SafeArrayCreate
SafeArrayUnaccessData
SetErrorInfo

shlwapi

StrCmpW
SHEnumValueW
PathCanonicalizeW
StrCatW

Sections

cAlNe
Size: 288KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GDFnT
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

FBBAX
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DhHCxzb
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e7ba98aa0a011fd6d19191370a4fe8c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

cAlNe Size: 288KB - Virtual size: 286KB

GDFnT Size: 4KB - Virtual size: 2KB

FBBAX Size: 12KB - Virtual size: 9KB

DhHCxzb Size: 16KB - Virtual size: 12KB

cAlNe
Size: 288KB - Virtual size: 286KB

GDFnT
Size: 4KB - Virtual size: 2KB

FBBAX
Size: 12KB - Virtual size: 9KB

DhHCxzb
Size: 16KB - Virtual size: 12KB