3b372c767957efc94fcb937821d50233_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b372c767957efc94fcb937821d50233_JaffaCakes118
Size

26KB
MD5

3b372c767957efc94fcb937821d50233
SHA1

57102b8615d4612d7f86c12f5b7230e2f7b3fa14
SHA256

2c0f3d760cdd51ca074481cb07d8322b91bfc4782889a2bcfcf99146370ffada
SHA512

04a9f013d0249d8936b8fda487060f6ad4e8f75f830e2394475748013fc08d618841044fe01f63ece8e2d5deab2d96a2045a164344d41c2c3ca6a520e40c3a01
SSDEEP

384:k8dq48nd2qQIjs21ke216wXvZzFZIhtV5cQkXMQYoQUskcQnttNNrvdrOiWi3n6x:kMJqQhH16MJHIAnjdrpWiq+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b372c767957efc94fcb937821d50233_JaffaCakes118

Files

3b372c767957efc94fcb937821d50233_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1a14dea953bdeafce59955a8fd0f23c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceW
CredRenameW
ConvertSidToStringSidA
ControlTraceA
BuildTrusteeWithNameA
CancelOverlappedAccess

msvcrt

_adjust_fdiv
memmove
_initterm
free
_except_handler3
malloc

user32

CharNextW
SetMenuDefaultItem
LoadMenuW
DestroyMenu
LoadCursorW
SetWindowTextW
RegisterClipboardFormatW
CreatePopupMenu
MessageBoxW
GetMenuItemCount
LoadStringW
RemoveMenu
SetCursor
GetMenuItemInfoW
DeleteMenu
GetSubMenu
InsertMenuW
InsertMenuItemW
SendMessageW

ole32

OleSetClipboard
CoUninitialize
CoInitializeEx
CoCreateInstance
ReleaseStgMedium
CoTaskMemFree

ntdll

NtAllocateVirtualMemory
NtUnloadDriver

rpcrt4

RpcStringFreeW

shell32

SHGetFileInfoW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHBindToParent

kernel32

UnhandledExceptionFilter
DosDateTimeToFileTime
SetThreadPriority
InterlockedIncrement
GetShortPathNameW
lstrlenA
GlobalHandle
LocalFree
GlobalAlloc
LocalAlloc
GetCurrentThread
GetTempFileNameW
GetStartupInfoA
lstrcpynA
SetUnhandledExceptionFilter
lstrcmpW
lstrcpynW
FreeLibrary
_llseek
GetModuleHandleW
LocalFileTimeToFileTime
GetTickCount
GetProcAddress
lstrlenW
GetTempPathW
InterlockedDecrement
GlobalLock
GetWindowsDirectoryW
lstrcmpiW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetVersionExW
LoadLibraryW
GetCurrentThreadId
_lread
_lwrite
GlobalFree
GetSystemDirectoryW
GetModuleFileNameW
GlobalUnlock
_lclose
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess

shlwapi

StrCmpNW
SHStrDupW
StrFormatKBSizeW
StrRetToBufW
PathCombineW
PathFindFileNameW
wnsprintfW
PathAppendW
PathFindFileNameA
StrCpyNW
PathAddBackslashA

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1a14dea953bdeafce59955a8fd0f23c

Headers

File Characteristics

Imports

advapi32

msvcrt

user32

ole32

ntdll

rpcrt4

shell32

kernel32

shlwapi

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 72KB

.rsrc Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 72KB

.rsrc
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B