2ddb52cabd13c6395672c47853cb875f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ddb52cabd13c6395672c47853cb875f_JaffaCakes118
Size

1.6MB
MD5

2ddb52cabd13c6395672c47853cb875f
SHA1

f9ba1ad92474162ec16852ff6574bcffaee362ac
SHA256

e100588f292896271ca91249e8656c9edcc78ad325cd77c1433b26823e9d3372
SHA512

13db493f2c88754b6d411a2fa428fb624c5b510612e49c30153e6a4cfe18b06cff1d28f194a63e3746f0784adb5928bd1b20848bb17061824b44c238fe26efca
SSDEEP

49152:5Jr01bKx84ZiJOmKjQbOATgxRt/mMxAHzD52z:701o84YytdxAHp2z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ddb52cabd13c6395672c47853cb875f_JaffaCakes118

Files

2ddb52cabd13c6395672c47853cb875f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3180b194283b8d4402c00e7e9ae3754

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

VirtualAllocEx
LocalAlloc
GetCurrentProcess
LocalReAlloc
VirtualAlloc
lstrlenA
GetThreadLocale
GetOEMCP

shell32

SHFileOperationA
DragQueryFileA
SHGetFileInfoA
SHGetDesktopFolder

ole32

StringFromIID
CoGetMalloc
CLSIDFromString
StgOpenStorage
CoCreateInstanceEx
CoCreateFreeThreadedMarshaler
OleRun
WriteClassStm

user32

GetDlgItem
CreatePopupMenu
InsertMenuA
GetWindowTextA
GetMenuItemCount
CharNextA
GetFocus
GetWindowThreadProcessId
InflateRect

gdi32

GetObjectA
GetDIBits
CreateCompatibleDC
CreateBitmap
CreateFontIndirectA
GetRgnBox
SaveDC
GetTextAlign
GetBkColor
GetDIBColorTable

advapi32

RegOpenKeyA
RegDeleteValueA

comctl32

ImageList_GetBkColor
ImageList_Write
ImageList_Read
ImageList_Add
ImageList_Destroy
ImageList_Remove

shlwapi

PathIsDirectoryA
PathFileExistsA

version

VerQueryValueA
VerInstallFileA
GetFileVersionInfoSizeA

comdlg32

FindTextA
GetOpenFileNameA
ChooseColorA
GetSaveFileNameA
GetFileTitleA

oleaut32

SysFreeString
SafeArrayUnaccessData
SysAllocStringLen
SysReAllocStringLen
VariantChangeType

Exports

Exports

P@8
N@20
_gbu@24
_F3R@8
o@20
6xd@16
zHf@4
_Q1
FVO@4
t_@8
NEM
Rdv
83@20
g3@24
uq
yxK
B
_Ij@4
_6n@24
_b9
L
_qF@20
_k0
_r4@12
X@24
_G@16
N
_vip
_51
J@24
_f
__
e
_Cz@8
68V
_yL@4
_tp@20
d
_VUM@20
O1
f@4
_LsH
_S@16
_0s
J00
k5B@8
H@24
A@20
f5

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 1KB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RES
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3180b194283b8d4402c00e7e9ae3754

Headers

File Characteristics

Imports

kernel32

shell32

ole32

user32

gdi32

advapi32

comctl32

shlwapi

version

comdlg32

oleaut32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 12KB

DATA Size: 1.5MB - Virtual size: 1.5MB

TLS Size: 1KB - Virtual size: 4.4MB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 1024B - Virtual size: 4KB

BSS Size: 1KB - Virtual size: 4KB

.RES Size: 24KB - Virtual size: 28KB

.text
Size: 9KB - Virtual size: 12KB

DATA
Size: 1.5MB - Virtual size: 1.5MB

TLS
Size: 1KB - Virtual size: 4.4MB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 1024B - Virtual size: 4KB

BSS
Size: 1KB - Virtual size: 4KB

.RES
Size: 24KB - Virtual size: 28KB