3d5eafac08fd61d46a79a22f07b4c608_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d5eafac08fd61d46a79a22f07b4c608_JaffaCakes118
Size

149KB
MD5

3d5eafac08fd61d46a79a22f07b4c608
SHA1

bf51382cfe19a761676726730fae01de49b30744
SHA256

c8aa5ed2021587854a0b148a954a092a038cf7f18800b06ff5da35a822c95e4c
SHA512

a24745486dd85ad4421ec1bc9158db74d0d79bf6d6b29db4bfc70a3fa01c1b00713a4c1c4974a370d2233b3315b225d09c9c97d8036fccb9d5d766b424740e1f
SSDEEP

3072:6TvjZIDqGFt5Mlzzmi6nqfklgUu1GqROVMugl7Ivj+dmW9H/:AbZIDtMlzzp6nqfkO1GqMBEEvjxof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d5eafac08fd61d46a79a22f07b4c608_JaffaCakes118

Files

3d5eafac08fd61d46a79a22f07b4c608_JaffaCakes118
.exe windows:4 windows x86 arch:x86

13930a390b408cf09d2d35475148c752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__p__fmode
_mkdir
_acmdln
_purecall
_lseeki64
__p__commode
__CxxFrameHandler
_initterm
_XcptFilter
_adjust_fdiv
_controlfp
__getmainargs
log10
ftell
_except_handler3
fopen
__set_app_type
remove
exit
isspace
_stat
strlen
wcsrchr
__setusermatherr

kernel32

GetSystemDirectoryW
TerminateProcess
DisableThreadLibraryCalls
GetFileType
GetStartupInfoA
MultiByteToWideChar
VirtualProtect
GetStartupInfoW
GetExitCodeProcess
GetCurrentProcess
GetLocalTime
GetModuleHandleA
GetModuleFileNameW

gdi32

CreatePolygonRgn
CreateRectRgn
SetMetaFileBitsEx
GetEnhMetaFileDescriptionA
StrokeAndFillPath
CreateFontA
EnumFontFamiliesExA
PlayMetaFile

shell32

SHGetFolderPathA
DoEnvironmentSubstW
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW
Shell_NotifyIconA
SHFileOperationA
ShellExecuteA
ShellExecuteExW
DragAcceptFiles
SHGetFileInfo

oleaut32

GetErrorInfo
SafeArrayUnaccessData
SetErrorInfo
SysAllocStringLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
SysReAllocStringLen
SysFreeString
GetActiveObject
CreateErrorInfo

advapi32

RegCreateKeyExW
RegFlushKey
RegEnumKeyExA
GetLengthSid
CryptAcquireContextA
RegSetValueExA
DeregisterEventSource
CryptReleaseContext
OpenSCManagerA
InitializeSecurityDescriptor
DeleteService
OpenServiceA

comctl32

ImageList_Write
PropertySheetA
PropertySheetW
ImageList_Draw
ImageList_GetImageCount
CreatePropertySheetPageA
ImageList_Read

version

VerInstallFileW
VerQueryValueW
VerInstallFileA
VerQueryValueA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoA

user32

ShowOwnedPopups
SetWindowLongA
GetParent
WaitMessage
SendDlgItemMessageA
ScrollWindow
DestroyCursor
SetWindowsHookExA
ShowCursor
DispatchMessageA
GetSystemMenu
GetWindowRect

ole32

StgOpenStorageOnILockBytes
CoUninitialize
CoCreateGuid
CoTaskMemAlloc
CLSIDFromString
CoTaskMemRealloc

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

czcswuj
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13930a390b408cf09d2d35475148c752

Headers

File Characteristics

Imports

msvcrt

kernel32

gdi32

shell32

oleaut32

advapi32

comctl32

version

user32

ole32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 111KB - Virtual size: 139KB

czcswuj Size: - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 111KB - Virtual size: 139KB

czcswuj
Size: - Virtual size: 4KB