Static task
static1
Behavioral task
behavioral1
Sample
27ac0dbac77d79ba8b934a7a1c9d1480_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
27ac0dbac77d79ba8b934a7a1c9d1480_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
27ac0dbac77d79ba8b934a7a1c9d1480_JaffaCakes118
Size
308KB
MD5
27ac0dbac77d79ba8b934a7a1c9d1480
SHA1
30cc39b8886a2e1689b4767be117fe3022eb9a62
SHA256
52126ac7dc8b8fd6d3c94c3ca9738fc6ac1836e18d61dde0e6bfe85e7017cb3c
SHA512
eb3d4e3693e25b07558630434b60dec93ed980a1382c994452d049a1c0dc75bab5e99cefccee5861f2dcb49e3326541ece4ed2869a19eac45cd75f78b0795df3
SSDEEP
6144:s0zX28uxzRMBRxhzAXDE8DoRnJzYrajc3UDteKnQszkY30Slg8a:s0S89P6DDkJIq6UDHnQszD30SZa
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 27ac0dbac77d79ba8b934a7a1c9d1480_JaffaCakes118
Files
27ac0dbac77d79ba8b934a7a1c9d1480_JaffaCakes118.exe windows:4 windows x86 arch:x86
87026ed03e9c6d3c9644b4f2aea90e9f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommModemStatus
EraseTape
CreateDirectoryExA
GetVolumeInformationW
GetTapeStatus
CreateDirectoryA
SetTimeZoneInformation
_llseek
VirtualAllocEx
ExitThread
TlsGetValue
CopyFileExW
FreeResource
CloseHandle
CreateWaitableTimerA
ReleaseSemaphore
ClearCommBreak
QueryDosDeviceA
ExitProcess
GetThreadPriority
FreeLibraryAndExitThread
WritePrivateProfileStructA
VirtualProtect
GetCommandLineA
GetVersionExA
lstrlenA
SetThreadAffinityMask
user32
IsCharLowerA
LoadBitmapA
GetClipboardData
CloseWindow
MapWindowPoints
CharLowerBuffA
SetDlgItemTextA
SendDlgItemMessageW
GetClipboardSequenceNumber
SetWindowPlacement
EnumChildWindows
SetWindowContextHelpId
EnableScrollBar
DrawIconEx
EnumDisplaySettingsA
WaitForInputIdle
CreateWindowStationW
GetMenuItemCount
WaitMessage
CreateIcon
GetMessageA
GetGuiResources
OpenIcon
EqualRect
DrawTextExA
FlashWindow
OpenWindowStationA
GetClipCursor
EnumDisplayDevicesW
gdi32
FillPath
GetCharWidthA
ExtCreatePen
GetSystemPaletteUse
comdlg32
ChooseColorA
advapi32
CryptSignHashW
CryptGetHashParam
CryptReleaseContext
RegFlushKey
QueryServiceLockStatusW
LookupAccountNameA
RegRestoreKeyA
CryptDecrypt
SetPrivateObjectSecurity
ObjectDeleteAuditAlarmW
CryptSetProvParam
ChangeServiceConfigA
CloseServiceHandle
FreeSid
AllocateAndInitializeSid
CryptImportKey
RegDeleteKeyA
LookupPrivilegeValueA
CryptGenKey
GetUserNameA
IsValidAcl
AccessCheckAndAuditAlarmA
DeleteService
MapGenericMask
RegCreateKeyExW
ImpersonateNamedPipeClient
RegEnumKeyExA
RegCreateKeyA
shell32
ExtractIconExW
SHAddToRecentDocs
SHFileOperationW
FindExecutableA
FindExecutableW
ole32
ReadClassStg
CoMarshalInterface
CoLockObjectExternal
OleCreateLink
StgOpenStorage
CoImpersonateClient
CoGetObject
CoGetClassObject
StgSetTimes
oleaut32
SysStringLen
SysAllocStringLen
SysFreeString
SafeArrayGetLBound
SetErrorInfo
VariantChangeType
SafeArrayCreate
comctl32
ImageList_ReplaceIcon
CreatePropertySheetPageW
ImageList_SetBkColor
shlwapi
PathQuoteSpacesW
StrCpyW
StrRChrA
wnsprintfA
StrChrA
PathIsUNCA
PathAddBackslashA
AssocCreate
SHRegOpenUSKeyW
PathCombineW
StrDupW
PathCompactPathExW
PathSkipRootW
setupapi
SetupDiOpenDevRegKey
Sections
.text Size: 288KB - Virtual size: 287KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE