357e582ba35e97c6fa5491923d43fb5a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

357e582ba35e97c6fa5491923d43fb5a_JaffaCakes118
Size

169KB
MD5

357e582ba35e97c6fa5491923d43fb5a
SHA1

af715acda03f8ad74dfc71c3fcf65a92cd9d6851
SHA256

6f9a676ec43cc62e3eeec3b40d385b046c4396e4e3a55990889d5ecf9bea26fc
SHA512

04a8b98c9db3b085bfbcb2fa56efc868a6976a0062b0bfca02236e61b72662b869221c72ee8bd8bac3890e4a810d187c0e21e5e84831fd5bc20ec2e7f2018472
SSDEEP

3072:ZasbPLZ+f/cJwgGR56yWXdJ874hgnVqgXx+pD1ej9NB2x7u:sszLIoXXdDhQVqgXx+phkNB24

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
357e582ba35e97c6fa5491923d43fb5a_JaffaCakes118

Files

357e582ba35e97c6fa5491923d43fb5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

040ebf51168e5de02e408a681b484b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
SetLastError
MulDiv
GetStringTypeA
RaiseException
GetCPInfo
ExitProcess
GetCurrentProcessId
LocalAlloc
CreateThread
GetVersion
GetUserDefaultLCID
GetProcessHeap
FindClose
LoadResource
ResetEvent
lstrcpyA
GetEnvironmentStrings
GetTickCount
MoveFileExA
FindFirstFileA
SetEndOfFile
GetStartupInfoA
LoadLibraryExA
MoveFileA
VirtualAlloc
GetACP
SetThreadLocale
HeapFree
GetThreadLocale
GetVersionExA
GetFileAttributesA
VirtualAllocEx
GetFileSize
HeapDestroy
GetModuleHandleA
GetCurrentThread
GetOEMCP
SetFilePointer
VirtualFree
GetStringTypeW
GetCurrentProcess
GetCommandLineA
CompareStringA
lstrcpynA
WaitForSingleObject
LoadLibraryA
ExitThread
GetLocaleInfoA
GlobalAlloc
GetLastError
GetDateFormatA
CreateFileA
lstrlenA
LockResource
LocalFree
GetDiskFreeSpaceA
SetErrorMode
InitializeCriticalSection
FormatMessageA
FreeLibrary
GetLocalTime
Sleep

comdlg32

GetSaveFileNameA

comctl32

ImageList_DrawEx
ImageList_Add
ImageList_Write
ImageList_GetBkColor
ImageList_DragShowNolock
ImageList_Remove
ImageList_Create
ImageList_Read

msvcrt

malloc
memcpy
tan
strcmp
memmove

user32

EnumThreadWindows
GetActiveWindow
GetScrollRange
RegisterClassA
GetParent
GetLastActivePopup
BeginPaint
IsWindowEnabled
GetCursor
DefMDIChildProcA
IsDialogMessageA
EndDeferWindowPos
DrawFrameControl
GetClassInfoA
GetDCEx
CallNextHookEx
GetForegroundWindow
IsWindowVisible
GetWindow
GetDC
GetSubMenu
SetCursor
DefWindowProcA
DispatchMessageW
GetKeyNameTextA
DrawMenuBar
ShowScrollBar
ClientToScreen
GetClassLongA
DeferWindowPos
MessageBoxA
GetDesktopWindow
GetSysColor
GetWindowTextA
IsChild
EnableScrollBar
FrameRect
CharToOemA

ole32

CoUnmarshalInterface
CoDisconnectObject
CoCreateGuid
CreateOleAdviseHolder
PropVariantClear
GetHGlobalFromStream
CoReleaseMarshalData
CLSIDFromProgID
CoGetObjectContext

oleaut32

SafeArrayUnaccessData
GetErrorInfo
RegisterTypeLib
VariantCopyInd
SysFreeString
SafeArrayCreate
OleLoadPicture
SafeArrayGetUBound
SysStringLen

gdi32

CreateDIBitmap
CreateCompatibleDC
CreatePalette
CreateBrushIndirect
GetObjectA
SelectPalette

version

VerFindFileA

Sections

CODE
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

040ebf51168e5de02e408a681b484b6d

Headers

File Characteristics

Imports

kernel32

comdlg32

comctl32

msvcrt

user32

ole32

oleaut32

gdi32

version

Sections

CODE Size: 52KB - Virtual size: 52KB

DATA Size: 512B - Virtual size: 72KB

BSS Size: 115KB - Virtual size: 114KB

CODE
Size: 52KB - Virtual size: 52KB

DATA
Size: 512B - Virtual size: 72KB

BSS
Size: 115KB - Virtual size: 114KB