Static task: static1
Behavioral task: behavioral1
Sample: 2a104d9534bb493a78bcec614cd8e5d4_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2a104d9534bb493a78bcec614cd8e5d4_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2a104d9534bb493a78bcec614cd8e5d4_JaffaCakes118
Size: 106KB
MD5: 2a104d9534bb493a78bcec614cd8e5d4
SHA1: c69e90d460e1ce7c2d92a53aed70f4f2b4c99536
SHA256: 5ddde27dd548730ae62b794afa54a575aeab3842031eb7477d99cec4a3239c75
SHA512: 4e0cfdd38e0c18a118e4303267005369f6aadcbdb71c799c5be2f7eac96ae8f40a7019cc5f079491d2d8c50717b098aa79cd9c1cb754ad189158695b840ccda5
SSDEEP: 1536:aW6wbgFYugfQe6vNXcdRm06MaYlxwKf6fDpxrg+DOSO4Ar9yjAxeC4cU:pGYuIQe6xcdwlCOKf67s+qJgot4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a104d9534bb493a78bcec614cd8e5d4_JaffaCakes118
Files
2a104d9534bb493a78bcec614cd8e5d4_JaffaCakes118.exe windows:4 windows x86 arch:x86
e7b5f8dff5c9546ab9b608b5c0ffac9f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetScrollPos
GetSysColorBrush
EnumWindows
UnhookWindowsHookEx
GetSubMenu
GetMessageA
SetWindowPos
EqualRect
SetWindowTextA
GetSysColor
PostQuitMessage
EnableMenuItem
FrameRect
kernel32
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetSystemTime
VirtualAllocEx
GetStartupInfoA
GetThreadLocale
QueryPerformanceCounter
InterlockedExchange
GetCurrentProcessId
GetTickCount
ExitProcess
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesA
GetTempPathA
RtlUnwind
gdi32
DPtoLP
FillRgn
SetViewportExtEx
CopyEnhMetaFileA
CreateCompatibleBitmap
CreateICW
GetMapMode
SelectClipPath
ExcludeClipRect
ole32
StgOpenStorage
CoInitializeSecurity
DoDragDrop
CoCreateInstance
StringFromGUID2
CoInitialize
CoTaskMemRealloc
CoRevokeClassObject
OleRun
advapi32
GetUserNameA
RegCreateKeyA
CheckTokenMembership
QueryServiceStatus
AdjustTokenPrivileges
RegCreateKeyExW
FreeSid
CryptHashData
RegQueryValueExW
GetSecurityDescriptorDacl
msvcrt
signal
strcspn
__initenv
_lock
strncpy
strlen
__setusermatherr
_mbscmp
iswspace
raise
fprintf
_CIpow
puts
_fdopen
_strdup
_flsbuf
__getmainargs
fflush
comctl32
ImageList_DrawEx
ImageList_Write
ImageList_SetIconSize
CreatePropertySheetPageA
ImageList_Destroy
ImageList_GetIconSize
ImageList_GetIcon
ImageList_LoadImageW
ImageList_ReplaceIcon
ImageList_LoadImageA
InitCommonControls
ImageList_GetBkColor
ImageList_DragEnter
shell32
DragQueryFileW
ShellExecuteEx
ShellExecuteW
ExtractIconExW
DragQueryFileA
SHGetPathFromIDList
SHBrowseForFolderA
DoEnvironmentSubstW
ExtractIconW
DragAcceptFiles
CommandLineToArgvW
oleaut32
SafeArrayGetUBound
SafeArrayUnaccessData
VariantCopy
SafeArrayRedim
SysReAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayCreate
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 30KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE