29d1c98c5b3f44206e5beb709d5827c8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29d1c98c5b3f44206e5beb709d5827c8_JaffaCakes118
Size

134KB
MD5

29d1c98c5b3f44206e5beb709d5827c8
SHA1

8a85f931887dc7ad6e4f19895823573323979382
SHA256

3e4f987c33b6fcb860f469426a49a25db75a0ddc31f1f7e2926071d65cfd1359
SHA512

634849fe58c750fcfc7e1f5f766626bb6212e7df4fec7b9821982e2a2e8ec710b2247d6f5b197ff1fed02238d5f31a30dd24a715270e2a4a8350d47bb07907d5
SSDEEP

3072:s4V81jm6m8MzzzxIFPa+ybmVvQXxu31UFKnWanTLsYDtSjFGe:LV81+zXq33VvQXxMaYWa3DtSh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d1c98c5b3f44206e5beb709d5827c8_JaffaCakes118

Files

29d1c98c5b3f44206e5beb709d5827c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ba0cb7e5718dd26a85925bae6e1791f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleW
CreateProcessW
GetCurrentProcess
FileTimeToLocalFileTime
IsBadReadPtr
GetModuleHandleA
GlobalReAlloc
SetErrorMode
lstrcpynA
CreateDirectoryA
GetStartupInfoA
TerminateProcess
GetWindowsDirectoryA
SetFileAttributesA
GetUserDefaultLangID
GetTempPathW
VirtualProtect

msvcrt

log10
__setusermatherr
strtol
_ftol
__lc_codepage
__p__commode
exit
_lock
_controlfp
__p__fmode
__getmainargs
_initterm
wcscat
_acmdln
floor
_adjust_fdiv
_XcptFilter
__set_app_type
_mbsrchr
_except_handler3
sqrt

comctl32

ImageList_GetImageCount
ImageList_Add
CreatePropertySheetPageA
ImageList_DragShowNolock
ImageList_Read
ImageList_GetIcon
ImageList_GetImageInfo
DestroyPropertySheetPage
ImageList_SetOverlayImage
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_GetBkColor

user32

SetClassLongA
DestroyCursor
FindWindowA
GetActiveWindow
LoadBitmapA
SetTimer
GetKeyState
LoadCursorA
ShowWindow
FillRect
CallNextHookEx

gdi32

GetTextCharsetInfo
CreateDCW
GetMapMode
Ellipse
CreateICA
GetWinMetaFileBits
GetEnhMetaFilePaletteEntries
GetObjectType
GetDCOrgEx
StartPage
CreateSolidBrush
MoveToEx
CreateCompatibleBitmap

ole32

CoReleaseMarshalData
GetRunningObjectTable
IsAccelerator
CoCreateGuid
ReleaseStgMedium
RevokeDragDrop
StringFromCLSID
CoUninitialize
CoGetInterfaceAndReleaseStream
CoGetMalloc
ProgIDFromCLSID
StringFromGUID2
StringFromIID
CreateBindCtx

oleaut32

SafeArrayPtrOfIndex
GetErrorInfo
VariantCopyInd
SafeArrayGetUBound

version

VerInstallFileW
VerLanguageNameA
GetFileVersionInfoA
VerFindFileW
GetFileVersionInfoSizeW

shell32

SHGetPathFromIDListW
SHGetPathFromIDList
SHGetSettings
SHAddToRecentDocs
ShellExecuteW
SHGetFolderPathW
DragFinish
SHGetFileInfoA
SHGetFolderLocation
Shell_NotifyIconW
FindExecutableW

advapi32

RegEnumKeyExA
SetSecurityDescriptorOwner
RegOpenKeyW
OpenSCManagerW

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ba0cb7e5718dd26a85925bae6e1791f

Headers

File Characteristics

Imports

kernel32

msvcrt

comctl32

user32

gdi32

ole32

oleaut32

version

shell32

advapi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 96KB - Virtual size: 95KB