24272f6006213ae5fed910b589584e8d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

24272f6006213ae5fed910b589584e8d_JaffaCakes118
Size

477KB
MD5

24272f6006213ae5fed910b589584e8d
SHA1

987c5f33cdcbdd483e8148893b642525607ce2a0
SHA256

d0c23a944a51e6c2865add95f525afe487a17c862860a6c47235384532b95f3a
SHA512

dfaa123e5c8d99bb2b528e0e2cba63f3c7e41a24c8d224ae3ecfb384b6f204717e2cb582332360a9052932f1043a9e3bd7e69d52e51b8ef0348920473ea7d82e
SSDEEP

12288:9MbkectlR63KIXRG6q7Dl5xthAFF+IXM0Usm:wkect63KIXgJ7RLtUFBXW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24272f6006213ae5fed910b589584e8d_JaffaCakes118

Files

24272f6006213ae5fed910b589584e8d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

19e6da49a4d8f33e5abc6e78d0d38a0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetICMProfileW
GetDeviceGammaRamp
GetOutlineTextMetricsW
IntersectClipRect
GetKerningPairs
GetPolyFillMode
ExtCreatePen

shell32

SHGetSpecialFolderPathW
RealShellExecuteExA
ExtractIconEx
ShellExecuteExA
SHFileOperationW
SHFileOperation
SHLoadInProc
ExtractIconA
FindExecutableA
DragQueryPoint
SheChangeDirExW
SHGetDiskFreeSpaceA
FindExecutableW
SHChangeNotify
RealShellExecuteExW
DragAcceptFiles
SHGetDataFromIDListW
InternalExtractIconListA

advapi32

RegDeleteKeyW
CryptEncrypt
LookupPrivilegeDisplayNameA
CryptDuplicateHash
RegEnumValueW
CryptGenRandom

comdlg32

GetSaveFileNameA
GetOpenFileNameW
ChooseColorW
ChooseFontA
PrintDlgA
FindTextW
PrintDlgW
FindTextA
PageSetupDlgA
ChooseColorA
PageSetupDlgW
LoadAlterBitmap
GetFileTitleW

kernel32

UnhandledExceptionFilter
TerminateProcess
CopyFileA
RtlUnwind
GetMailslotInfo
GetVersionExA
ReadFileEx
GetOEMCP
LoadLibraryA
GetCPInfo
GetEnvironmentStrings
LCMapStringW
HeapDestroy
LeaveCriticalSection
SetLastError
SetHandleCount
GetStdHandle
HeapSize
GetLastError
HeapReAlloc
ExitProcess
SetCurrentDirectoryA
AllocConsole
GetCurrentProcessId
GetPrivateProfileSectionA
GetModuleFileNameA
GetSystemInfo
GetTimeFormatA
QueryPerformanceCounter
GetDateFormatA
GetShortPathNameA
VirtualFree
LCMapStringA
GetCurrentThreadId
GetProcAddress
GetCommandLineA
GetLocaleInfoW
TlsSetValue
EnumResourceNamesW
EnumSystemLocalesA
TlsAlloc
GetTickCount
GetEnvironmentStringsW
WaitNamedPipeW
GetExitCodeProcess
DeleteCriticalSection
GetStringTypeW
InitializeCriticalSection
GetModuleHandleA
VirtualProtect
FreeEnvironmentStringsA
IsBadWritePtr
IsValidLocale
SetEnvironmentVariableA
IsValidCodePage
VirtualAlloc
GetLocaleInfoA
FreeLibrary
GetCurrentProcess
CompareStringA
HeapAlloc
InterlockedExchange
MultiByteToWideChar
HeapCreate
TlsGetValue
GetSystemTimeAsFileTime
WriteFile
GetTimeZoneInformation
GetACP
GetCurrentThread
EnterCriticalSection
GetFileType
VirtualQuery
CompareStringW
GetUserDefaultLCID
GetStartupInfoA
GetVersion
TlsFree
SetThreadContext
GetStringTypeA
FreeEnvironmentStringsW
WideCharToMultiByte
HeapFree

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19e6da49a4d8f33e5abc6e78d0d38a0f

Headers

File Characteristics

Imports

gdi32

shell32

advapi32

comdlg32

kernel32

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 275KB - Virtual size: 274KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 275KB - Virtual size: 274KB

.rsrc
Size: 12KB - Virtual size: 12KB