287b6dd1541d879b487a65de8cbad117_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

287b6dd1541d879b487a65de8cbad117_JaffaCakes118
Size

352KB
MD5

287b6dd1541d879b487a65de8cbad117
SHA1

179405c004770fdb8df99280f04484043fcccdc1
SHA256

a31219066d1189bbf2d3504e5262978ea5cff144ca793e89c9c4e7229059c1fc
SHA512

4bd4b83423e88da3b3cf4c33663bde14924878a363ed820944edc05e0bd39700ad2e088c592fd487fe56a38236412be0225cf322e2b8004336ffabd9a41800de
SSDEEP

6144:eCwN3JoHS8LQXMHpyJbHvtPuNlRmZUarCNywTgA2ZOLW2vJX+qKuN:YhQ+bHvtufQlugA5LWamM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
287b6dd1541d879b487a65de8cbad117_JaffaCakes118

Files

287b6dd1541d879b487a65de8cbad117_JaffaCakes118
.exe windows:4 windows x86 arch:x86

167e44eb553a03e5aa46ac9059a81afd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFlags
EraseTape
EnumSystemCodePagesW
CancelIo
GetModuleFileNameW
GetModuleHandleA
GetConsoleCursorInfo
SetConsoleActiveScreenBuffer
CloseHandle
WriteProcessMemory
LCMapStringA
WriteConsoleOutputW
VirtualProtect
ExitProcess
GetThreadPriority
SetTimeZoneInformation
GetTapeParameters
VirtualQuery
GenerateConsoleCtrlEvent
GetCommandLineA
GetVersionExA
EnumTimeFormatsW

user32

GetCaretBlinkTime
SendDlgItemMessageA
PostMessageW
CreateCursor
LoadStringA
GetWindow
GetMessageExtraInfo
DispatchMessageA
BroadcastSystemMessageA
GetMessagePos
IsZoomed
SendMessageA
SetWinEventHook
NotifyWinEvent
DestroyCaret
GetClipboardFormatNameA
GetClassLongW

gdi32

CreateBrushIndirect
ResizePalette
SetTextAlign
GetTextExtentPoint32A
LineDDA
CreateDIBitmap
GetTextExtentExPointW
StrokeAndFillPath
GetTextExtentExPointA
SetViewportExtEx
CombineRgn
RealizePalette
SetLayout
SetDIBits
RemoveFontResourceA

advapi32

RegOpenKeyA
CryptDestroyKey
ChangeServiceConfigA
RegEnumKeyExA
LookupAccountSidA
RegCreateKeyExW
OpenSCManagerW
GetLengthSid
RegDeleteKeyA
CryptDestroyHash
MakeSelfRelativeSD
RegLoadKeyA
RegRestoreKeyA
SetFileSecurityA
RegisterEventSourceW
LookupPrivilegeDisplayNameA
GetAclInformation
RegQueryValueExW
RegDeleteKeyW
GetSecurityDescriptorDacl
LookupPrivilegeValueW
CryptGenKey
CryptSetHashParam
LogonUserA
LookupPrivilegeNameA
BuildSecurityDescriptorW
ChangeServiceConfigW
GetCurrentHwProfileW

shell32

SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ExtractIconExW
SHGetSpecialFolderPathA

ole32

MkParseDisplayName
CoFileTimeNow
RevokeDragDrop
OleInitialize
CoMarshalInterThreadInterfaceInStream
StringFromGUID2
CoInitializeEx
CoRegisterMallocSpy
CoTreatAsClass
CoRegisterClassObject

oleaut32

SysStringLen
SysFreeString
SafeArrayPutElement

comctl32

ImageList_Merge
ImageList_Draw
ImageList_Destroy

shlwapi

AssocCreate
StrCpyNW
AssocQueryKeyW
SHRegCreateUSKeyW
StrChrW
PathCompactPathExW
PathIsURLW
SHCopyKeyW

setupapi

SetupScanFileQueueW
SetupOpenInfFileA
SetupDiEnumDriverInfoA
SetupDiEnumDeviceInfo
SetupOpenFileQueue
SetupCommitFileQueueA

Sections

.text
Size: 332KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

167e44eb553a03e5aa46ac9059a81afd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

setupapi

Sections

.text Size: 332KB - Virtual size: 330KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 8KB

.text
Size: 332KB - Virtual size: 330KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 8KB