3bc78ce6e2fdc773ba8949069cd3bf19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3bc78ce6e2fdc773ba8949069cd3bf19_JaffaCakes118
Size

576KB
MD5

3bc78ce6e2fdc773ba8949069cd3bf19
SHA1

3e100890795e1a66ddf7310b2378f76c18a4dfed
SHA256

a197192c326e76cad3f0e0fb430b1aa2a5faabab4b1290df1f5a8a191eec06e1
SHA512

22c70ee56c7e927ce39398d7a73090dae2182907ed06bede2ac7b1c3cec4756112861a641975d542dbecdadb29a0aa5f413dcbe2b1d3a400151b61369dda7526
SSDEEP

12288:GXFcI9tgwzGNetMs/McFmakQDwSYegeUE1M:GVvEwOds049kMwmgeUEC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bc78ce6e2fdc773ba8949069cd3bf19_JaffaCakes118

Files

3bc78ce6e2fdc773ba8949069cd3bf19_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6ba38e69a3124465bdca561151ef4364

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenSCManagerA
GetSecurityInfo
CryptHashData
AllocateLocallyUniqueId
CryptGetKeyParam
IsValidSecurityDescriptor
SetSecurityInfo
RegQueryInfoKeyA
BuildTrusteeWithSidW
GetSidIdentifierAuthority
QueryServiceStatus
OpenSCManagerW
RegOpenKeyA
CryptSetKeyParam
EnumServicesStatusW

kernel32

GetOverlappedResult
PeekNamedPipe
GetSystemDirectoryW
IsBadStringPtrA
WriteConsoleOutputW
GlobalAddAtomA
EnumDateFormatsW
SetConsoleMode
lstrcatW
OpenMutexA
GlobalAddAtomW
WritePrivateProfileStringA
FormatMessageA
SetProcessAffinityMask
GetDateFormatA
WritePrivateProfileSectionA
GetHandleInformation
UnmapViewOfFile
SetErrorMode
SetConsoleWindowInfo
GetTapeStatus
AreFileApisANSI
CreateFileW
WritePrivateProfileSectionW
GetComputerNameW
GlobalUnlock
GetLargestConsoleWindowSize
_llseek
CreateEventA
_lclose
EnumSystemCodePagesA
VirtualAlloc
EnumResourceLanguagesW
SetFileTime
SearchPathW
SetCurrentDirectoryA
FindCloseChangeNotification
WriteFile
GetThreadContext
VirtualUnlock
GetThreadPriority
GetTapeParameters
GetProfileIntA
PulseEvent
SetThreadPriorityBoost
MoveFileW
FlushFileBuffers
SetFileAttributesA
ClearCommBreak
DosDateTimeToFileTime
ReadConsoleInputW
IsProcessorFeaturePresent
lstrcmpiW
InitializeCriticalSection
ExitProcess
EnumResourceNamesA

comctl32

ImageList_SetOverlayImage
ImageList_GetDragImage
PropertySheetA

ole32

PropVariantCopy
CreateOleAdviseHolder

user32

AttachThreadInput
DefWindowProcW
MapVirtualKeyExW
SystemParametersInfoA
OemKeyScan
SetMenu
SetKeyboardState

shell32

SHFileOperationW
SHLoadInProc
ExtractIconA
SHGetSpecialFolderPathW

Sections

.text
Size: 7KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba38e69a3124465bdca561151ef4364

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

ole32

user32

shell32

Sections

.text Size: 7KB - Virtual size: 223KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 303KB - Virtual size: 303KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 223KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 303KB - Virtual size: 303KB

.rsrc
Size: 17KB - Virtual size: 16KB