29e19680471d09b750c6d071d4350f4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29e19680471d09b750c6d071d4350f4d_JaffaCakes118
Size

397KB
MD5

29e19680471d09b750c6d071d4350f4d
SHA1

35a7d54f079ff28e0dab2671773f0f970220da91
SHA256

ea2a0d4243a3fd67c35523febe6b4e663cce17c67fe4bc24229ae23c4cae0626
SHA512

59972fedf9a3ea3bfeaf87ecbce9c5a78b606602b4c68ad43c73962885c2558be51db47fd2627c2821735623b5e7d6ea1ffb7f341e8960fc27d892a2eaf0eefc
SSDEEP

6144:Snu37k5hChQFVVO/Gr+wo/jmF1Lbsob/TsqBcO6yi3nBcWv4+MQ:Sn+7/iOOYrmFVlTncOoGWvrM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29e19680471d09b750c6d071d4350f4d_JaffaCakes118

Files

29e19680471d09b750c6d071d4350f4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5d5bf896a57b904719d0f0a2e0000349

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileW
ExtractIconExW
SHGetMalloc
SHGetFileInfo
SHGetSpecialFolderPathA
DoEnvironmentSubstW

comdlg32

ReplaceTextW
ReplaceTextA
GetFileTitleA
LoadAlterBitmap
ChooseColorA
PageSetupDlgA
FindTextW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgA

user32

DialogBoxIndirectParamW
CharToOemBuffA
OpenClipboard
GetKeyboardLayoutNameW
ValidateRect
IsDialogMessageA
DdeCreateStringHandleW
SetMenu
SetSystemCursor
EnumDisplayDevicesW
LoadCursorA

advapi32

LookupPrivilegeValueA
ReportEventW
CryptAcquireContextW
RegCloseKey
RegQueryInfoKeyA
CryptGenRandom
CryptGenKey
RegCreateKeyA
CryptSignHashA
RegLoadKeyW
RegOpenKeyExA
CryptDuplicateKey
CryptHashData
CryptGetUserKey
RegQueryValueExA
CryptSetProvParam
RegEnumValueW
RegEnumKeyExA
RegDeleteKeyA
CryptVerifySignatureA
RegEnumKeyW
RegOpenKeyExW
RegRestoreKeyA

kernel32

OpenMutexW
TerminateProcess
GetProcAddress
HeapFree
GetCurrentProcess
TlsSetValue
GetTickCount
CreateProcessW
LocalUnlock
GetShortPathNameA
HeapAlloc
VirtualQuery
GetCalendarInfoW
QueryPerformanceCounter
GetCurrentDirectoryA
GetNamedPipeHandleStateW
RtlUnwind
ReadFile
SetLocalTime
GetSystemTimeAsFileTime
SetConsoleWindowInfo
EnumCalendarInfoExA
SetVolumeLabelA
HeapReAlloc
CompareStringA
InterlockedExchange
GetAtomNameA
GetCurrentThreadId
GetModuleHandleA
TlsGetValue
ExitProcess
GetCurrentProcessId
VirtualAlloc
FindResourceExA
LoadLibraryA
SetThreadPriority
GetModuleFileNameA
GetCommandLineA
SetConsoleMode
WaitForSingleObject

gdi32

GetCharWidthFloatW

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d5bf896a57b904719d0f0a2e0000349

Headers

File Characteristics

Imports

shell32

comdlg32

user32

advapi32

kernel32

gdi32

Sections

.text Size: 128KB - Virtual size: 127KB

.data Size: 264KB - Virtual size: 264KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 128KB - Virtual size: 127KB

.data
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 3KB - Virtual size: 3KB