29f2d38e83577fdf63788498d2b41dae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29f2d38e83577fdf63788498d2b41dae_JaffaCakes118
Size

336KB
MD5

29f2d38e83577fdf63788498d2b41dae
SHA1

b9589cd6f1eff1ebdd223da363127ea9a8639fe9
SHA256

d6532964a83dc8994be334fdd46f6eaeab46c3f0e988c89aaa448194e8c04457
SHA512

8e816f3bc01f0f71c8f3d86a5e59a103ebd283f929fd9c7a95eb4828a14cc5ea4590c889617fdcb731a5da399274ecd3727bd6201046e5a8ad57bcd0839de00e
SSDEEP

6144:ZgyW7WUa00a2kwr6do+L6Ut1gcqVrcZk1YCi49x+zE6qoCl8:nWCf0rwmdoi6E1mV4C7x9x+0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f2d38e83577fdf63788498d2b41dae_JaffaCakes118

Files

29f2d38e83577fdf63788498d2b41dae_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3468b45966965eb61ebe5532afc7ce89

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatW
ReleaseSemaphore
GetCommModemStatus
EnumSystemCodePagesA
GetACP
GlobalUnlock
WritePrivateProfileStringA
GetCommandLineW
VirtualProtect
GetVersionExA
DuplicateHandle
FatalAppExitA
EnumTimeFormatsW
GetDriveTypeW
GetEnvironmentVariableW
FlushConsoleInputBuffer
GetModuleFileNameW
FreeLibraryAndExitThread
QueryDosDeviceA
_lopen
CreateWaitableTimerA
GetTimeZoneInformation
GenerateConsoleCtrlEvent
GetBinaryTypeW
GetSystemTimeAdjustment
GetTempPathW
EnumCalendarInfoA
GetComputerNameW
LocalSize
EnumDateFormatsW
ConnectNamedPipe
ScrollConsoleScreenBufferA
MoveFileExA
EndUpdateResourceA
GetHandleInformation
FreeEnvironmentStringsA
LocalAlloc
GetLocaleInfoW
ExitProcess
AllocConsole
GetShortPathNameW
OpenSemaphoreW
GetCommandLineA
VirtualQueryEx

user32

EndDialog
HiliteMenuItem
FlashWindowEx
EnumDisplaySettingsExW
EnumDesktopsW
ChangeClipboardChain
SetProcessWindowStation
OpenDesktopW
GetWindowTextW
ToAscii
GetClientRect
ScrollWindow
GetKeyboardLayoutNameW
GetParent
DefDlgProcW
OemKeyScan
CreatePopupMenu
GetClassInfoA
GetWindowRgn
LoadBitmapW
GetIconInfo
GetClassInfoExW
SetParent
KillTimer
EnumDisplaySettingsW
LoadKeyboardLayoutW
PtInRect

gdi32

GetCharWidth32W
Ellipse
CopyEnhMetaFileW
SetDIBColorTable
TextOutW
GetEnhMetaFileHeader
GetFontData
CreateEnhMetaFileA
CopyEnhMetaFileA
SetTextJustification
CreateCompatibleBitmap

comdlg32

FindTextA
GetSaveFileNameA
PageSetupDlgW

advapi32

AddAccessAllowedAce
CryptGenKey
SetTokenInformation
CreateServiceA
CreateProcessAsUserW
RegQueryValueExA
ChangeServiceConfigA
RegSetKeySecurity
NotifyBootConfigStatus
QueryServiceConfigW
RegEnumKeyA
RegEnumKeyW
RegSetValueExW
RegEnumValueW
SetSecurityDescriptorOwner
CryptSignHashW
PrivilegeCheck
InitiateSystemShutdownW
CryptGetHashParam
OpenEventLogW
UnlockServiceDatabase

shell32

SHFileOperationW
SHGetPathFromIDListA

ole32

GetClassFile
CoLockObjectExternal

oleaut32

SafeArrayRedim
SafeArrayGetElement
SetErrorInfo
QueryPathOfRegTypeLi
SysAllocStringLen
SafeArrayPutElement

shlwapi

StrCmpIW
PathIsRelativeW
wvnsprintfW
StrStrIW
SHSetValueW
PathFindOnPathW
PathRelativePathToW
StrStrIA
StrRChrA
StrRChrW
StrCpyNW
PathRemoveBackslashW
UrlCreateFromPathW
PathQuoteSpacesA
PathAddBackslashW
PathUndecorateW
StrRetToBufW

setupapi

SetupDiClassNameFromGuidExA
SetupDiSetClassInstallParamsA
SetupDiSetDeviceRegistryPropertyA

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3468b45966965eb61ebe5532afc7ce89

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

Sections

.text Size: 296KB - Virtual size: 295KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 32KB - Virtual size: 30KB

.text
Size: 296KB - Virtual size: 295KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 32KB - Virtual size: 30KB