3883d658c90d190b861f7d36a2d216dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3883d658c90d190b861f7d36a2d216dc_JaffaCakes118
Size

261KB
MD5

3883d658c90d190b861f7d36a2d216dc
SHA1

5f56924466488fa72eec669f4b2f8fe99398209e
SHA256

78cd9411fa0e5919e0a3be364c6c03990f9126a698f3373cb47ca739e543d1b2
SHA512

82882e451238b52f30562a7d852526d79ebeaf33837db5406bc3a2409519245e70e956dfdc86187bc625929710116c316449fa46fe4cb54d27119cfca3fafd5c
SSDEEP

6144:JnnTFHHYSpFy/oDS0s5WB0GuLAQYG4tm04kzYkcaPlvq9Dy:xT1p0SDs5dGsAPt5PYkcatvq9u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3883d658c90d190b861f7d36a2d216dc_JaffaCakes118

Files

3883d658c90d190b861f7d36a2d216dc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ef34114b6baeed03436438995535656

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetModuleFileNameW
GetLastError
GetTickCount
LocalFree
GetVersionExW
GetCurrentProcess
FreeLibrary
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
lstrlenA
lstrcpynA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
Sleep
GetFileAttributesW
GetWindowsDirectoryW
LoadLibraryW
CreateMutexA
GetProcAddress
LoadLibraryA

user32

SendMessageW
SetForegroundWindow
EnableWindow

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyA

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation

query

CIState
CIMakeICommand
CiSvcMain
CollectCIISAPIPerformanceData
CIRestrictionToFullTree
DoneFILTERPerformanceData
BindIFilterFromStream
CollectFILTERPerformanceData
LocateCatalogs

msls31

LsSetDoc
LsSetBreaking
LsdnDistribute
LsDisplaySubline
LssbGetDurTrailInSubline
LsdnFinishByPen
LsdnFinishRegularAddAdvancePen
LsFindPrevBreakSubline
LsdnModifyParaEnding
LsGetSpecialEffectsSubline
LsModifyLineHeight
LsFetchAppendToCurrentSubline
LsdnFinishBySubline
LsQueryCpPpointSubline

Sections

.icode
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gocOih
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 83KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 133KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.G
Size: 3KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ef34114b6baeed03436438995535656

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

query

msls31

Sections

.icode Size: 2KB - Virtual size: 2KB

.gocOih Size: 2KB - Virtual size: 13KB

.text Size: 13KB - Virtual size: 16KB

.rdata Size: 2KB - Virtual size: 45KB

.edata Size: 83KB - Virtual size: 101KB

.data Size: 5KB - Virtual size: 201KB

.edata Size: 133KB - Virtual size: 227KB

.G Size: 3KB - Virtual size: 246KB

.rsrc Size: 15KB - Virtual size: 14KB

.icode
Size: 2KB - Virtual size: 2KB

.gocOih
Size: 2KB - Virtual size: 13KB

.text
Size: 13KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 45KB

.edata
Size: 83KB - Virtual size: 101KB

.data
Size: 5KB - Virtual size: 201KB

.edata
Size: 133KB - Virtual size: 227KB

.G
Size: 3KB - Virtual size: 246KB

.rsrc
Size: 15KB - Virtual size: 14KB