3267eea7c2600934b115347bc8a5fa61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3267eea7c2600934b115347bc8a5fa61_JaffaCakes118
Size

240KB
MD5

3267eea7c2600934b115347bc8a5fa61
SHA1

c2e88a3cd9ba66444e83b0c768aad020264b278e
SHA256

16c2026b70e71bca5bea2b0311f789d215423346ffd11dcfb1b2eb42e9497ff8
SHA512

fbd67304235172fba2276ab3fb22b623b4c61c1d9040678288b6da4bd94aeb287aab7953b61a3abaf4df578089ae8b2e7449b8e14df0f048c67d34b9baaead10
SSDEEP

3072:PdCT43WgwDRByynVBy/FmeBBTSnX7xRlGZ3ehnZXYzrDvxHMOU2XcrMsj2faPPn7:pdqBHVxQCrxbGZ4X8ZMOU8uPi6Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3267eea7c2600934b115347bc8a5fa61_JaffaCakes118

Files

3267eea7c2600934b115347bc8a5fa61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee1eebf91e2a006547d0ce74237add63

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

comctl32

ImageList_Destroy
ImageList_Draw
ImageList_GetBkColor
ImageList_Create
ImageList_DrawEx

msvcrt

atan
acos
rand
wcstol
wcscspn
time
memcmp

version

VerQueryValueA
GetFileVersionInfoSizeA
VerInstallFileA

ole32

CoCreateGuid
CoGetMalloc

advapi32

RegLoadKeyA
RegOpenKeyA

gdi32

SetTextColor
GetDIBits
GetRgnBox
CreateBrushIndirect
BitBlt
CreatePalette

kernel32

GetModuleHandleW
ReadFile
GetProcAddress
GetStartupInfoA
GetLastError
GetVersionExA
lstrcatA
IsBadReadPtr
FormatMessageA
GetCommandLineA
VirtualAlloc
ExitThread
LoadLibraryExA
lstrlenW
LoadLibraryA
GetStringTypeA
GetFileType
ExitProcess
VirtualAllocEx
GlobalAlloc
lstrlenA
GetModuleHandleA

user32

SetScrollPos
SetScrollInfo

Sections

CODE
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC3
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC8
Size: 154B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC4
Size: 666B - Virtual size: 666B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RSRC2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC9
Size: 871B - Virtual size: 871B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RSRC6
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 924B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee1eebf91e2a006547d0ce74237add63

Headers

File Characteristics

Imports

comctl32

msvcrt

version

ole32

advapi32

gdi32

kernel32

user32

Sections

CODE Size: 60KB - Virtual size: 60KB

.data Size: 141KB - Virtual size: 141KB

.RSRC3 Size: 1KB - Virtual size: 1KB

.RSRC8 Size: 154B - Virtual size: 154B

.RSRC4 Size: 666B - Virtual size: 666B

.RSRC2 Size: 1KB - Virtual size: 1KB

.RSRC9 Size: 871B - Virtual size: 871B

.RSRC6 Size: 1KB - Virtual size: 1KB

.rsrc Size: 924B - Virtual size: 924B

CODE
Size: 60KB - Virtual size: 60KB

.data
Size: 141KB - Virtual size: 141KB

.RSRC3
Size: 1KB - Virtual size: 1KB

.RSRC8
Size: 154B - Virtual size: 154B

.RSRC4
Size: 666B - Virtual size: 666B

.RSRC2
Size: 1KB - Virtual size: 1KB

.RSRC9
Size: 871B - Virtual size: 871B

.RSRC6
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 924B - Virtual size: 924B