3246f79dc13eebfca394b452f86db4d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3246f79dc13eebfca394b452f86db4d1_JaffaCakes118
Size

403KB
MD5

3246f79dc13eebfca394b452f86db4d1
SHA1

04852eb5702a38b2f32bd97aeef1b74249f6970b
SHA256

3c8b2f37750303892aa3e6358861c8963d6a31cf257ef540f46ecb3f12e212be
SHA512

ba7c9cdc1f20ad1e259067ec2b6c79372c87a7cec677971109a6c77a6cd534328812f2876f529c1dbc7a0e8d9c7897f612c5b3056b3588405758e8bd974a26e0
SSDEEP

6144:L5jRc7Pjb557Uids6wXO/BBfOYk/MBocIZt0TSzCd4QBTREk5lBGQzo:L5277UxFO/BBU/pJt0TSwJpBL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3246f79dc13eebfca394b452f86db4d1_JaffaCakes118

Files

3246f79dc13eebfca394b452f86db4d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a07ca3e50f3f2200ec7074ddd61a568d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

UnrealizeObject
GetTextExtentPointW
GetCharABCWidthsA
SetMetaRgn
SetFontEnumeration

user32

MsgWaitForMultipleObjectsEx
LoadBitmapA
SetWinEventHook
GetKeyboardType
TrackMouseEvent
GetProcessWindowStation
UnhookWinEvent
DestroyIcon
SubtractRect
OemToCharBuffA
CreateIconIndirect
UnregisterDeviceNotification
SendNotifyMessageA
LoadStringW
RegisterClipboardFormatA
SetMessageQueue
CreateWindowExA
DrawStateW
BroadcastSystemMessage

shell32

SHAppBarMessage
SHEmptyRecycleBinA
SHGetFileInfoW

advapi32

RegEnumKeyExA
RegQueryValueExW
RegSetValueExA
InitiateSystemShutdownW
CryptDeriveKey
RevertToSelf
RegQueryInfoKeyW
RegLoadKeyW
CryptGenKey
GetUserNameA
DuplicateToken
CreateServiceA
RegEnumValueA
LookupAccountNameA
LookupSecurityDescriptorPartsW
LookupPrivilegeValueW
RegDeleteValueW
CryptGetHashParam
RegDeleteKeyA
RegSetValueA
AbortSystemShutdownW
RegSetKeySecurity

kernel32

WaitForSingleObjectEx
HeapAlloc
RtlUnwind
GetCurrentThreadId
InterlockedExchange
GetModuleHandleA
TerminateProcess
GetCurrentProcess
VirtualAlloc
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
VirtualQuery
HeapCreate
AddAtomA
SetCurrentDirectoryW
HeapFree
GetTickCount
QueryPerformanceCounter
ExitProcess
GetModuleFileNameA
HeapReAlloc
GetCurrentProcessId

comdlg32

ReplaceTextW
GetOpenFileNameW
GetSaveFileNameA
GetFileTitleA
GetSaveFileNameW
ChooseColorA
LoadAlterBitmap
PrintDlgA
GetOpenFileNameA
PageSetupDlgW
ChooseFontA
FindTextA
PageSetupDlgA

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a07ca3e50f3f2200ec7074ddd61a568d

Headers

File Characteristics

Imports

gdi32

user32

shell32

advapi32

kernel32

comdlg32

Sections

.text Size: 127KB - Virtual size: 127KB

.data Size: 265KB - Virtual size: 265KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 127KB - Virtual size: 127KB

.data
Size: 265KB - Virtual size: 265KB

.rsrc
Size: 9KB - Virtual size: 9KB