310b61438ef584e9bb5a0780cdfbad91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

310b61438ef584e9bb5a0780cdfbad91_JaffaCakes118
Size

159KB
MD5

310b61438ef584e9bb5a0780cdfbad91
SHA1

4296f510439f65e201ca3992c2436ea84523dc94
SHA256

585d709b64367ab7f0091a5546d60c879f52366391cf51acc86ef04819820f9e
SHA512

1e49a66444101690a6d92e402b47aaaf30023805531bf64097fab2767f4e036e1bbb7844d2ba81a53deb4454147db7e73ebbcd086b179692fe38c8b77478841e
SSDEEP

3072:Q9wz4SbOlE9l0LrDylhdfHDGgnJLR2lzpJSk0PEJwhZHqgxtLe785M:o+18kOLaJH6gJLQlzOEJwhZHqgxt7i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
310b61438ef584e9bb5a0780cdfbad91_JaffaCakes118

Files

310b61438ef584e9bb5a0780cdfbad91_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9035561f4fede8a2d2b4b42673f1c3b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

fgets
_except_handler3
_controlfp
_wcslwr
_initterm
log10
__mb_cur_max
_XcptFilter
__setusermatherr
_acmdln
exit
_write
_snprintf
__p__commode
__getmainargs
_itoa
wcschr
_onexit
strlen
__set_app_type
fclose
__p__fmode
_fileno
_adjust_fdiv

kernel32

CreateFileMappingA
IsDebuggerPresent
GetStartupInfoW
ExitProcess
GetTimeZoneInformation
GetFullPathNameA
GetCurrentProcessId
GetModuleHandleA
GetStartupInfoA
VirtualProtect

ole32

CoDisconnectObject
StringFromCLSID
RegisterDragDrop
StgOpenStorageOnILockBytes
StgOpenStorage
CoUninitialize
CoRevokeClassObject
CoTaskMemRealloc
RevokeDragDrop
CoFreeUnusedLibraries

comctl32

ImageList_DrawEx
ImageList_DragEnter
ImageList_Write
CreatePropertySheetPageA
PropertySheetA
InitCommonControls
ImageList_Create
ImageList_BeginDrag

user32

IsRectEmpty
GetMessageA
GetSystemMenu
IsWindow

gdi32

GetWindowExtEx
AbortDoc
ExtCreatePen
DeleteObject
EndPath
GetTextMetricsW
CreateEllipticRgn
SetTextCharacterExtra
BitBlt
GetEnhMetaFileBits
SetPolyFillMode
GetTextAlign
BeginPath

version

VerFindFileW
GetFileVersionInfoA
VerInstallFileA
VerQueryValueA
VerLanguageNameA
VerQueryValueW

shell32

SHGetSpecialFolderPathA
SHGetDiskFreeSpaceExW
ShellExecuteExW
SHGetSpecialFolderLocation
SHFileOperationW
SHCreateDirectoryExA
SHGetPathFromIDListW
ExtractIconExA

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExA
SetSecurityDescriptorGroup
CheckTokenMembership
RegFlushKey
RegOpenKeyA
AdjustTokenPrivileges
RegCloseKey
FreeSid
RegEnumKeyExW
RegEnumValueA

oleaut32

LoadTypeLib
GetErrorInfo
SafeArrayGetElement
VariantCopyInd
VariantClear
SafeArrayPutElement
SafeArrayGetUBound
SysReAllocStringLen
SafeArrayRedim

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 121KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9035561f4fede8a2d2b4b42673f1c3b8

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

comctl32

user32

gdi32

version

shell32

advapi32

oleaut32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 39KB

.rsrc Size: 121KB - Virtual size: 192KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 39KB

.rsrc
Size: 121KB - Virtual size: 192KB