Static task: static1
Behavioral task: behavioral1
  Sample: 3b81c08179e8406eb49fee0b93b76fcb_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 3b81c08179e8406eb49fee0b93b76fcb_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
- Target: 3b81c08179e8406eb49fee0b93b76fcb_JaffaCakes118
- Size: 248KB
- MD5: 3b81c08179e8406eb49fee0b93b76fcb
- SHA1: 0f459d13c3d526c98637cfa04a39e329d42f401b
- SHA256: 5679bef8987cf10730cf60b681b73f17bdd3b025fabed987d9b6d822f6f1b13e
- SHA512: 84e5de32c7627a4410d4a17186bc0933f081dd4341628fc7801fedfa786b65c9c8730bc0d00c082bb910b336addf3127df8c868eb79af5243909e3f955363986
- SSDEEP: 6144:iQ3XlJCSaGFNenrKrrtD2qLrZAE7aqyr:N3VkMFkn42YZAyK
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 3b81c08179e8406eb49fee0b93b76fcb_JaffaCakes118
Files
- 3b81c08179e8406eb49fee0b93b76fcb_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  cd8cf34473aacfc2824fbae1b160b940 (hash unlabeled in the report; presumably the import hash)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteFiber
GetVersionExA
GetCommandLineA
VirtualAlloc
ExitProcess
VirtualProtect
user32
GetDlgItem
IsCharAlphaA
GetClassInfoExA
GetDlgItemInt
GetMenuItemID
SwapMouseButton
GetClientRect
GetIconInfo
InsertMenuA
SendInput
GetPropA
CopyRect
UpdateWindow
SetCaretPos
gdi32
RoundRect
GetTextFaceW
GetObjectA
StrokePath
UpdateColors
EnumEnhMetaFile
CombineRgn
RemoveFontResourceW
SetPaletteEntries
SetBkColor
GetGlyphOutlineA
GetEnhMetaFileDescriptionA
comdlg32
PageSetupDlgW
advapi32
CryptGetProvParam
CryptVerifySignatureA
AllocateLocallyUniqueId
IsValidSid
GetFileSecurityA
CryptSetHashParam
LookupAccountNameW
CryptImportKey
RegUnLoadKeyA
LookupPrivilegeValueA
MakeAbsoluteSD
RegCreateKeyW
DeleteService
EnumDependentServicesW
RegReplaceKeyW
SetPrivateObjectSecurity
DestroyPrivateObjectSecurity
RegisterEventSourceW
GetSidSubAuthority
ImpersonateLoggedOnUser
AdjustTokenPrivileges
ObjectCloseAuditAlarmW
GetSidLengthRequired
RegConnectRegistryA
StartServiceCtrlDispatcherW
RegisterEventSourceA
CloseServiceHandle
AddAce
shell32
SHLoadInProc
SHAddToRecentDocs
SHFileOperationW
ole32
StgSetTimes
CoGetClassObject
CoRegisterMallocSpy
ReadClassStg
ProgIDFromCLSID
CoFreeAllLibraries
OleCreate
GetRunningObjectTable
oleaut32
LoadTypeLibEx
VariantCopy
SafeArrayGetElement
comctl32
ImageList_LoadImageA
ImageList_ReplaceIcon
ImageList_Remove
ImageList_SetOverlayImage
shlwapi
StrCmpNW
PathRenameExtensionW
StrRChrW
PathCommonPrefixW
AssocQueryKeyW
StrFormatByteSizeA
SHRegGetBoolUSValueW
SHDeleteKeyW
SHDeleteValueW
StrStrW
PathSkipRootW
StrStrIW
PathRemoveExtensionW
StrToIntExW
StrCpyW
StrFormatKBSizeW
Sections
.text  Raw size (on disk): 8KB - Virtual size: 4KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata  Raw size (on disk): 4KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data  Raw size (on disk): 232KB - Virtual size: 229KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
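Added example (not part of the sandbox report or its tooling): a stdlib-only Python inspector that recomputes the header facts listed above from raw file bytes: the IMAGE_FILE_* characteristics, each section's raw and virtual size with its IMAGE_SCN_* flags, the General-section hashes, and the "Unsigned PE" test, which is just whether the IMAGE_DIRECTORY_ENTRY_SECURITY data directory is empty. build_sample_pe() is a constructed, header-only PE32 blob carrying the same header and section values as this report so the script runs offline; it is not the sample itself and contains no code. The import table is not parsed here; ssdeep is omitted because it needs a third-party library. Replace the blob with open(path, "rb").read() to run it on a real file.

```python
import hashlib
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the Authenticode certificate table

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}


def flag_names(value, table):
    """Decode a bitmask into the flag names the report prints, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Parse the DOS, COFF and optional headers plus the section table from raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:      # PE32: NumberOfRvaAndSizes at +92, directories start at +96
        nrva_off, dd_off = 92, 96
    elif magic == 0x20B:    # PE32+: +108 / +112
        nrva_off, dd_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    dirs = [struct.unpack_from("<II", data, opt + dd_off + 8 * i) for i in range(nrva)]
    sections = []
    for i in range(nsections):  # IMAGE_SECTION_HEADER is 40 bytes, right after the optional header
        name, vsize, _va, raw, _ptr, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw,
                         "flags": flag_names(sflags, SECTION_CHARACTERISTICS)})
    # The security directory holds a file offset (not an RVA) and size of the WIN_CERTIFICATE
    # blob. Size 0 is what the "Unsigned PE" signature keys on. A non-zero size only shows a
    # blob is attached; whether it verifies needs WinVerifyTrust or osslsigncode, not this.
    _off, sec_size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            "sections": sections, "has_authenticode": sec_size != 0}


def writable_executable_sections(pe):
    """Sections flagged both MEM_WRITE and MEM_EXECUTE, a common packer / self-modifying-code tell."""
    return [s["name"] for s in pe["sections"]
            if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= set(s["flags"])]


def file_hashes(data):
    """The MD5/SHA1/SHA256/SHA512 values of the General section."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256", "sha512")}


def build_sample_pe(signed=False):
    """Constructed header-only PE32 blob mirroring this report's headers and sections (no code)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                   # e_lfanew -> PE signature at offset 64
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x010F)  # x86, 3 sections, report's flags
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if signed:  # pretend a 2KB WIN_CERTIFICATE blob is appended at file offset 0x40000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x40000, 0x800)
    layout = [(b".text", 0x1000, 0x2000, 0x60000020),       # 4KB virtual, 8KB raw, code|exec|read
              (b".rdata", 0x800, 0x1000, 0x40000040),       # 2KB virtual, 4KB raw, idata|read
              (b".data", 0x39400, 0x3A000, 0xC0000040)]     # 229KB virtual, 232KB raw, idata|read|write
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0, r, 0, 0, 0, 0, 0, f) for n, v, r, f in layout)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    blob = build_sample_pe()          # swap for open(path, "rb").read() on a real file
    pe = parse_pe(blob)
    print(pe["machine"], *pe["characteristics"])
    for s in pe["sections"]:
        print("%-7s Raw size: %dKB - Virtual size: %dKB  %s" % (
            s["name"], s["raw_size"] // 1024, s["virtual_size"] // 1024, " ".join(s["flags"])))
    print("Unsigned PE:", not pe["has_authenticode"], "| W+X sections:", writable_executable_sections(pe))
    print("sha256:", file_hashes(blob)["sha256"])
```

The raw-size-larger-than-virtual-size pattern seen in all three sections is ordinary file-alignment padding, so it is not flagged; the W+X check is the heuristic worth adding on top of what the report prints, and it comes back empty for this layout because .data is RW without MEM_EXECUTE.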