29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118
Size

205KB
MD5

29d561be6a08a4a4970b5371bc63e9a2
SHA1

52418ac111b7da8c0c9f2d414a9e920a6acb7935
SHA256

e60cfaa791c003a183ad787fb0287925360cd2a4dc75c72c5721d4fe7d6895d1
SHA512

faaae58a9aa5e2a7b37dff772b54610b4031d3b59990213ffeea962d7e1fa6930fd8ddb7f4c9f548361be3610ce407c8da3e77887c2121a6da462f42168f0f5c
SSDEEP

6144:vW8Ixnn5g5x6Yt+QRY2zlF1gwczQb2zuZCv5kT:vRI5Ox6YtRR/f15b2CZCRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118

Files

29d561be6a08a4a4970b5371bc63e9a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da18db299b0997cbb336747657f76d95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatW
GetFileAttributesA
QueryPerformanceFrequency
GetEnvironmentVariableW
GetExitCodeThread
SetPriorityClass
FatalAppExitA
lstrcmpW
IsValidCodePage
GetProcAddress
lstrlenA
CreateMutexA
LoadLibraryA
lstrlenW
GetACP
AddAtomA
MulDiv

user32

CreateMenu
EnumDesktopsW
SetWindowTextA
MessageBoxIndirectA
DeleteMenu
MessageBeep
DestroyIcon
GetTopWindow
CreateAcceleratorTableA
GetDC
SendDlgItemMessageA

gdi32

GetMetaFileW
GetGlyphOutlineA
SelectBrushLocal
CreateICA
PatBlt
GetStretchBltMode
EnumICMProfilesW
StrokePath
SetSystemPaletteUse
Arc
EnumFontFamiliesExA

advapi32

RegQueryValueW
RegReplaceKeyW
RegOpenKeyExA

shell32

SHGetFileInfoA
SHGetDataFromIDListA

shlwapi

SHRegOpenUSKeyA
PathFindFileNameA
PathIsSystemFolderA
SHRegEnumUSKeyW
UrlCanonicalizeW
PathUnExpandEnvStringsW
PathGetCharTypeW
PathIsRelativeW
PathSearchAndQualifyW
PathRemoveExtensionA
PathGetDriveNumberW
wnsprintfA
PathRemoveBackslashW

sqlunirl

_ChangeDisplaySettings_@8
_GetTextExtentPoint@16
_BackupEventLog_@8
_CreateDC_@16
_GetEnhMetaFileDescription_@12
_DefDlgProc_@16
_GetPrivateProfileSection_@16
_GetModuleHandle_@4

Sections

.HwWt
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fkfKcl
Size: 4KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Tg
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tF
Size: 3KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.T
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.isUiYZ
Size: 3KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da18db299b0997cbb336747657f76d95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

sqlunirl

Sections

.HwWt Size: 1KB - Virtual size: 1KB

.fkfKcl Size: 4KB - Virtual size: 356KB

.Tg Size: 9KB - Virtual size: 9KB

.tF Size: 3KB - Virtual size: 385KB

.T Size: 2KB - Virtual size: 19KB

.isUiYZ Size: 3KB - Virtual size: 437KB

.x Size: 2KB - Virtual size: 378KB

.data Size: 115KB - Virtual size: 295KB

.rsrc Size: 62KB - Virtual size: 62KB

.reloc Size: 1024B - Virtual size: 624B

.HwWt
Size: 1KB - Virtual size: 1KB

.fkfKcl
Size: 4KB - Virtual size: 356KB

.Tg
Size: 9KB - Virtual size: 9KB

.tF
Size: 3KB - Virtual size: 385KB

.T
Size: 2KB - Virtual size: 19KB

.isUiYZ
Size: 3KB - Virtual size: 437KB

.x
Size: 2KB - Virtual size: 378KB

.data
Size: 115KB - Virtual size: 295KB

.rsrc
Size: 62KB - Virtual size: 62KB

.reloc
Size: 1024B - Virtual size: 624B