3914251b8985fccee66556e3b2dffc8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3914251b8985fccee66556e3b2dffc8c_JaffaCakes118
Size

312KB
MD5

3914251b8985fccee66556e3b2dffc8c
SHA1

6cc8bea006da75fca0bf3adbd81bd5e5c82d2c2a
SHA256

46e4662dfc61690fec9f72e087e86d2f118326b4382b0382e459643140ff41c7
SHA512

7501cf6e730c15acbf15aa0a7247182872f21ee9f2313f004a6162cc4e849b3a2823cce28206232294fb1f604ef74b1f5deef9f63499d4ce66ef42cf2a1def6c
SSDEEP

6144:eti9OrF84+iQ4BcEdcep8zpk4yIf6FIws3CjDNNwYnwh2FYJRS7:MiMrFNQkcEWpLfkI/ENwYw9JR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3914251b8985fccee66556e3b2dffc8c_JaffaCakes118

Files

3914251b8985fccee66556e3b2dffc8c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f04d543dac3f82aedb89bbd137be4100

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
SetFileTime
GlobalAddAtomA
ExitProcess
_lopen
FreeEnvironmentStringsA
ReleaseMutex
GlobalAddAtomW
ReadConsoleA
GetLargestConsoleWindowSize
GetVersionExA
GetCommandLineA
VirtualProtect
GetShortPathNameW

user32

BringWindowToTop
ScrollWindow
CountClipboardFormats
CreateDialogIndirectParamA
GetLastActivePopup
CreateIcon
SendDlgItemMessageA
PeekMessageA
GetWindowLongA
InsertMenuItemW
DeleteMenu
OemToCharBuffA
CreateCursor
GetMenuCheckMarkDimensions
UnregisterHotKey
ChangeMenuW

gdi32

ExtTextOutW
StrokePath
CreateHalftonePalette
GetFontData
EnumObjects
RealizePalette
GetTextCharset
PlayEnhMetaFileRecord
CopyEnhMetaFileW
GetTextMetricsA
SetWinMetaFileBits
GetRegionData
FrameRgn
CopyEnhMetaFileA
RectInRegion
TextOutW
GetWindowOrgEx
DeleteObject
CreateDIBitmap
SetBitmapDimensionEx
CreateCompatibleDC

advapi32

RegEnumKeyW
RegisterEventSourceA
RegDeleteKeyW
InitiateSystemShutdownW
SetEntriesInAclW
QueryServiceConfigW
RegLoadKeyW
RegConnectRegistryA
CreatePrivateObjectSecurity
GetExplicitEntriesFromAclW
RegNotifyChangeKeyValue
RegEnumValueW
EnumServicesStatusW
RegisterEventSourceW
CryptDestroyHash
DestroyPrivateObjectSecurity
CryptCreateHash
GetServiceDisplayNameW
RegCloseKey
GetSidIdentifierAuthority
RegCreateKeyExA
RegisterServiceCtrlHandlerW
CryptReleaseContext
SetNamedSecurityInfoA
RegOpenKeyExA
QueryServiceObjectSecurity
GetUserNameW
ReportEventA

shell32

SHChangeNotify
SHGetPathFromIDListA

ole32

CoFreeAllLibraries
OleCreate
CoSwitchCallContext
RevokeDragDrop
CoRegisterMallocSpy
OleLockRunning
ProgIDFromCLSID

oleaut32

VariantChangeType
SysAllocStringLen
SetErrorInfo
SafeArrayCreate
SysFreeString
QueryPathOfRegTypeLi

comctl32

ImageList_DragEnter

shlwapi

StrStrA
PathQuoteSpacesA
PathRenameExtensionW
StrFormatKBSizeW

setupapi

SetupTermDefaultQueueCallback
SetupDiGetDeviceInfoListDetailA
SetupDiCreateDeviceInfoA
SetupDiCallClassInstaller
SetupDiBuildClassInfoList
SetupCloseFileQueue

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f04d543dac3f82aedb89bbd137be4100

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

setupapi

Sections

.text Size: 284KB - Virtual size: 280KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 20KB - Virtual size: 16KB

.text
Size: 284KB - Virtual size: 280KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 20KB - Virtual size: 16KB