30dfe4fcf788a17d5b6cd4e65985585c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30dfe4fcf788a17d5b6cd4e65985585c_JaffaCakes118
Size

208KB
MD5

30dfe4fcf788a17d5b6cd4e65985585c
SHA1

d8be705e67f6444bd12d358b7d6f5bef3d2f8373
SHA256

7707144c81e63c675a19f53ab161ae5d538dd53e8090c23b2056eef726482a38
SHA512

2cdf1d9fd72336abfc19d803f57f2cf8b8a0b35b4a3213d2dcee259991b836af0bb86afc8375739f1c0b31e4b0faa8146c0c0d6336b863acc7def10691da84d9
SSDEEP

3072:qsIbkttKFHyFeKLUVGGKusRLsLHahgKNJXtnuwrcemxkr186pGJ6PIsjCuuj2HyV:FViHue/DJELSa3HtnuwXkXAijGbjl8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30dfe4fcf788a17d5b6cd4e65985585c_JaffaCakes118

Files

30dfe4fcf788a17d5b6cd4e65985585c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

386e17f39a7101ae57059a54a838d7e9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

rpcrt4

NdrClientCall
RpcStringBindingComposeA
RpcBindingFromStringBindingA
RpcBindingSetAuthInfoA
RpcStringFreeA

comdlg32

GetFileTitleA

ole32

CoFreeUnusedLibraries
OleRun
ProgIDFromCLSID
OleDuplicateData
StgCreateDocfileOnILockBytes
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
GetHGlobalFromILockBytes
CoGetClassObject
RegisterDragDrop
GetHGlobalFromStream
OleGetAutoConvert
ReleaseStgMedium
CoTaskMemAlloc
CLSIDFromString
RevokeDragDrop
OleRegGetUserType
CLSIDFromProgID
CoCreateInstance
StringFromCLSID
CoGetMalloc
CoTaskMemFree
CoCreateGuid
CreateILockBytesOnHGlobal

user32

UnhookWindowsHookEx
SetClipboardData
DestroyCursor
SetWindowPos
MonitorFromWindow
ClipCursor
CallNextHookEx
ChildWindowFromPoint
DefWindowProcW
DrawEdge
GetSysColorBrush
RegisterClassW
ToAscii
DestroyIcon
SetScrollRange
EmptyClipboard
SetWindowsHookExW
WinHelpW
IsClipboardFormatAvailable
GetSysColor

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_Add
ImageList_Destroy

kernel32

GetUserDefaultLangID
CreateFiber
LocalAlloc
VerLanguageNameW
GetVersionExW
WriteFileGather
UnlockFile
SetEndOfFile
FileTimeToLocalFileTime
GetFileTime
EnumResourceNamesW
GetFileAttributesA
GetFileType
FileTimeToSystemTime
FindResourceExA
FlushFileBuffers
LockFile
GetProfileStringW
GetSystemTime
FlushFileBuffers
IsDBCSLeadByte
CompareStringW
SearchPathW
GetVolumeInformationW
GetSystemDirectoryW

shlwapi

PathIsRootW
PathStripToRootW
PathIsRelativeW
PathIsURLW
PathCanonicalizeW
PathCombineW

Sections

.text
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

386e17f39a7101ae57059a54a838d7e9

Headers

File Characteristics

Imports

rpcrt4

comdlg32

ole32

user32

comctl32

kernel32

shlwapi

Sections

.text Size: 185KB - Virtual size: 184KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 18KB - Virtual size: 18KB

.lib Size: 512B - Virtual size: 92KB

.text
Size: 185KB - Virtual size: 184KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 18KB - Virtual size: 18KB

.lib
Size: 512B - Virtual size: 92KB