Static task
static1
Behavioral task
behavioral1
Sample
31f98710e689e0ebd9fcd24dd1e6f790_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
31f98710e689e0ebd9fcd24dd1e6f790_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
31f98710e689e0ebd9fcd24dd1e6f790_JaffaCakes118
Size
390KB
MD5
31f98710e689e0ebd9fcd24dd1e6f790
SHA1
096910aec2f7ea7ef096926254eafdb648ce20f2
SHA256
f55f0a3aa4e67bc32ac5ab9a2a69fa9ff9f79bbf2760d3d731d598e757ab15aa
SHA512
74154c5e3124c62340f95a9c08ebe3f04060e0f6e96d19f8f110a659e902619a12af11b09144158faddaeafb4417d2f73e508c1671477335326214c38ba9dba5
SSDEEP
12288:Ml5fUp6KjHUaCxiPPFGR1TBLh/s9rS5F:M3UbjNbnFG5yZS5F
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 31f98710e689e0ebd9fcd24dd1e6f790_JaffaCakes118
Files
31f98710e689e0ebd9fcd24dd1e6f790_JaffaCakes118.exe windows:4 windows x86 arch:x86
013028eb62bc4956e8556ecef45425df
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegDeleteKeyA
ReportEventW
RegSetValueA
CryptAcquireContextA
CryptSetKeyParam
CryptExportKey
RegFlushKey
CryptGetKeyParam
RegQueryInfoKeyA
CryptDuplicateKey
shell32
SHBrowseForFolderW
RealShellExecuteExA
ExtractIconExA
ShellAboutW
DoEnvironmentSubstA
SHChangeNotify
SHGetDesktopFolder
ExtractIconW
SHEmptyRecycleBinA
SHInvokePrinterCommandW
gdi32
Arc
GetColorAdjustment
PlayEnhMetaFileRecord
ResizePalette
FlattenPath
SetDeviceGammaRamp
DeleteEnhMetaFile
CancelDC
GetStretchBltMode
GetPaletteEntries
PathToRegion
ExtSelectClipRgn
CreateDCA
ExtEscape
ExtTextOutA
Escape
UpdateICMRegKeyA
GetRegionData
GetTextExtentExPointW
StretchBlt
CreatePatternBrush
GetICMProfileA
SetICMProfileW
SetDIBits
comdlg32
ChooseColorA
FindTextA
ChooseColorW
GetOpenFileNameA
kernel32
TerminateProcess
GetFileType
TlsFree
GetTickCount
ExitProcess
VirtualAlloc
GetCurrentProcessId
GetCPInfo
GetOEMCP
ReleaseSemaphore
EnumCalendarInfoA
GetEnvironmentStrings
GetLastError
InterlockedExchange
FreeEnvironmentStringsA
UnlockFileEx
WideCharToMultiByte
LCMapStringA
GetCurrentProcess
LeaveCriticalSection
VirtualFree
GetStringTypeA
DeleteCriticalSection
HeapDestroy
HeapReAlloc
GetVolumeInformationW
TlsAlloc
IsBadWritePtr
LCMapStringW
VirtualQuery
GetProcessShutdownParameters
GetModuleFileNameA
GetEnvironmentStringsW
GetCurrentThread
UnhandledExceptionFilter
FreeEnvironmentStringsW
HeapCreate
GetCurrentThreadId
WaitForMultipleObjectsEx
GetVersion
SetEndOfFile
SetConsoleCursorPosition
MultiByteToWideChar
GetCommandLineA
GetACP
GetSystemTimeAsFileTime
LoadLibraryA
lstrcpyW
InitializeCriticalSection
EnterCriticalSection
LocalCompact
GetSystemDirectoryA
HeapFree
GetStringTypeW
QueryPerformanceCounter
SetLastError
GetStartupInfoA
GetModuleHandleA
TlsSetValue
HeapAlloc
RtlUnwind
SetHandleCount
WriteFile
TlsGetValue
GetStdHandle
GetProcAddress
user32
IsWindowUnicode
SetClassLongA
GetSysColor
CallMsgFilterW
ShowScrollBar
CharUpperBuffW
WindowFromDC
DdePostAdvise
RegisterClassW
EmptyClipboard
Sections
.text Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 266KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ