371dcee5243a67d91050f919d9bf9a1f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

371dcee5243a67d91050f919d9bf9a1f_JaffaCakes118
Size

106KB
MD5

371dcee5243a67d91050f919d9bf9a1f
SHA1

27d4952645afb31573902374846a7707e553e17b
SHA256

99abdb98e0312d1c8d3edb4958e10b6386ff29cf54cf7a3d0fb4aa63e1bd0b4d
SHA512

c576d79522d165d548c657f66f459cc51269ac6c6c40544c1dbc4a6893c2b414c5601a79c509957e2bb62af97e875afd902f25c578e45f6b9def0e7b4b179d91
SSDEEP

3072:UPwXzgijP35E4N9QoSLAHscer5KMMiU1m9:UPrim8WAHscer5KNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
371dcee5243a67d91050f919d9bf9a1f_JaffaCakes118

Files

371dcee5243a67d91050f919d9bf9a1f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f62914a15c1a9a7243abd0960e779496

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen

advapi32

AdjustTokenPrivileges
StartServiceA
CloseServiceHandle
SetSecurityDescriptorDacl
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueA
InitializeSecurityDescriptor
DeleteService

ole32

RegisterDragDrop
OleLockRunning
OleIsCurrentClipboard
OleInitialize
OleDuplicateData
DoDragDrop
CoCreateGuid
CreateILockBytesOnHGlobal
CoUninitialize
CoRegisterMessageFilter
OleSetClipboard

user32

ToAscii
SetMenuInfo
LoadCursorFromFileA
LoadAcceleratorsA
IsCharUpperA
DrawTextA
DestroyWindow
DestroyCursor
CreateIconFromResource
CreateDialogIndirectParamA
CloseWindow
CharUpperBuffA
CharUpperA
wsprintfA
OemToCharBuffA

shell32

SHBindToParent
SHGetFileInfoA
SHFileOperationA

shlwapi

PathQuoteSpacesA
StrChrA
PathIsRootA
PathCompactPathExA
PathCanonicalizeA
PathIsRelativeA
PathIsDirectoryA
StrStrIA
PathFileExistsA

msvcrt

time
strchr
sscanf
sprintf
realloc
vsprintf
_errno

kernel32

TlsAlloc
UnmapViewOfFile
VirtualFree
lstrcpyA
SetLastError
OpenFileMappingA
MapViewOfFile
HeapAlloc
GetModuleHandleA
GetDateFormatA
FreeResource
EnumResourceTypesA
Sleep

Exports

Exports

Ezd
Grg
Hea
Jih
Kgv
Krd
Omc
Pbb
Qde
Wnk
Xcu
Zhb
Zud

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f62914a15c1a9a7243abd0960e779496

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 28KB

.rdata Size: 30KB - Virtual size: 32KB

.data Size: 21KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 26KB - Virtual size: 28KB

.rdata
Size: 30KB - Virtual size: 32KB

.data
Size: 21KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB