368fba43699c160750b6dbc34b4d8bc8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

368fba43699c160750b6dbc34b4d8bc8_JaffaCakes118
Size

23KB
MD5

368fba43699c160750b6dbc34b4d8bc8
SHA1

e151c3e61cf3ac970ce661937ce395a1b337adc6
SHA256

04b3e8f8593d27fb0afbb3492b0a6d290ec0934e956eefc82d4aa3d2227781f7
SHA512

802d2d89fa3895542a96d1c60253bceec2ea4a954a5151924cdff9b160a5c63e6a8592f046b950699cb2904573d50bd6d70e2db2080f02b0c59352c8121fa27e
SSDEEP

384:jJphZ+0rWWGwWTEbyD5o2jSU9S7pmpSXyn+ZikQ5PMC3PVwWTfNlVe8sOaWKdKv8:xZpDG9Ef2uiS7TXMBPp9wWTfvI8sxrd5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
368fba43699c160750b6dbc34b4d8bc8_JaffaCakes118

Files

368fba43699c160750b6dbc34b4d8bc8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f14ae5b0a07a3731ee896c194f57575c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathAndSubDirW
ExtractIconExW
Shell_NotifyIconA
SHGetPathFromIDListA
ShellAboutW
SHGetPathFromIDListW
SHBindToParent
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetInstanceExplorer
SHPathPrepareForWriteW
ExtractAssociatedIconExW
SHBrowseForFolderW
ExtractIconW
SHGetFileInfoW
SHAppBarMessage
ShellExecuteA
SHFileOperationW
SHGetDesktopFolder
ShellExecuteW
SHChangeNotify
DragQueryFileW
SHSetLocalizedName
SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetDataFromIDListW
ShellExecuteExW
SHCreateShellItem
Shell_NotifyIconW

kernel32

VirtualAlloc

rtutils

RouterLogEventExA
TraceDumpExA
LogErrorW
RouterLogEventStringA
RouterGetErrorStringW
RouterLogRegisterA

psapi

GetProcessImageFileNameW

uxtheme

GetThemeMargins
IsAppThemed
OpenThemeData
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeColor
GetThemeBackgroundExtent
CloseThemeData
SetWindowTheme
DrawThemeBackground
GetThemeFont
GetThemeMetric
DrawThemeParentBackground
IsThemeActive
GetThemePartSize

ddraw

DirectDrawCreate

ntdll

RtlAdjustPrivilege
NtQuerySemaphore
RtlAddAccessAllowedObjectAce
NtSuspendProcess

Sections

.text
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14ae5b0a07a3731ee896c194f57575c

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

rtutils

psapi

uxtheme

ddraw

ntdll

Sections

.text Size: 1024B - Virtual size: 996B

.rsrc Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 80KB

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 11KB

.text
Size: 1024B - Virtual size: 996B

.rsrc
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 80KB

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 11KB