381418ae3d30a53ee764841523ab629e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

381418ae3d30a53ee764841523ab629e_JaffaCakes118
Size

2.0MB
MD5

381418ae3d30a53ee764841523ab629e
SHA1

bb834e2e7f28a4e365f58707fe82626ddb0f9b48
SHA256

dbc25825ce5d6cb5dc4b91c09036dc1b8a7b9db47d5a90060f45bd1a34b5f48a
SHA512

a63154f34fcf90773f657c70e345d69bc0cb24e1452433812f320dc25f44b9bc26662f1846cde899869c2ba4a367beed32cd8f85f99c8ae738be957506ddfecf
SSDEEP

49152:ZmPvvFa9VQBj8NlZADC6cqH0cSORBuyPlToDQ+ctElb:ZmP1aK8RiC6cqUcSCBu4TPgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
381418ae3d30a53ee764841523ab629e_JaffaCakes118

Files

381418ae3d30a53ee764841523ab629e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00a4dacd476e110d3ec9db40b8798b57

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EndDialog
GetClassInfoW
DispatchMessageA
CallNextHookEx

kernel32

GetLastError
CloseHandle
GetCommandLineA
GetProcessHeap
LoadLibraryW
DisableThreadLibraryCalls
SetLastError
VirtualFree
ExitProcess
GetModuleHandleA
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
CreateThread
VirtualAlloc
GetTickCount
GlobalAlloc
VirtualFree
VirtualAlloc
GetLastError
GetModuleHandleA
GetTickCount
GetCommandLineA
GetDateFormatW
DisableThreadLibraryCalls
FindFirstFileA
ExitProcess
GetCurrentProcess

comdlg32

PrintDlgA
CommDlgExtendedError
ChooseFontW
GetFileTitleA
GetOpenFileNameA
GetOpenFileNameW
GetFileTitleW
ChooseColorA
GetSaveFileNameA
GetSaveFileNameW

comctl32

ImageList_GetImageCount
ImageList_SetBkColor
CreatePropertySheetPageA
CreateStatusWindowW
ImageList_Draw
ImageList_AddMasked
InitCommonControls

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

gdi32

StartPage
GetObjectW
GetCurrentPositionEx
StartPage

msvcrt

_controlfp
_adjust_fdiv
strrchr
swprintf
_cexit
floor
_wcsdup
_ultow
_local_unwind2
__dllonexit
_fileno
malloc

ntdll

RtlConvertSidToUnicodeString
RtlSetEnvironmentVariable
RtlMultiByteToUnicodeN
NtTerminateProcess
NtQuerySymbolicLinkObject
NtImpersonateAnonymousToken
NtAllocateLocallyUniqueId
RtlFreeHeap
RtlRunDecodeUnicodeString

ole32

CoCreateGuid
CLSIDFromString
CoGetClassObject
CoCreateInstance
CoUnmarshalInterface
CoGetMalloc
CreateOleAdviseHolder
CoSetProxyBlanket
ReleaseStgMedium

advapi32

OpenProcessToken
FreeSid
RegCreateKeyExA
RegEnumKeyExW
RegOpenKeyExA

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 883KB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 861KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00a4dacd476e110d3ec9db40b8798b57

Headers

File Characteristics

Imports

user32

kernel32

comdlg32

comctl32

version

gdi32

msvcrt

ntdll

ole32

advapi32

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 239KB - Virtual size: 239KB

.idata Size: 883KB - Virtual size: 6.3MB

.bss Size: 861KB - Virtual size: 863KB

.zdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 71KB - Virtual size: 71KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 239KB - Virtual size: 239KB

.idata
Size: 883KB - Virtual size: 6.3MB

.bss
Size: 861KB - Virtual size: 863KB

.zdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 71KB - Virtual size: 71KB