3d7fea0f5523e59a97ac093202c1921a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d7fea0f5523e59a97ac093202c1921a_JaffaCakes118
Size

449KB
MD5

3d7fea0f5523e59a97ac093202c1921a
SHA1

e71e9a0ce3c1e30a7c926a8a32bfb89ba866b9c0
SHA256

3d638edaeb95d847c1d12a2259cf160282bc2f8de20753ed524897f41b52cf54
SHA512

bea1c6ca8e6a3b2147759fa442d0276eb1c2bda0e28f0616b540309b84b5e8b506e5f014d0d15792badea4e27aae6c193b912d8bc686ef5cda64be49982ffc22
SSDEEP

12288:IqYTXbvfN63ZSR4brDdNEI/3gKgyrTu/ds:ED1CZSR4nRbnPrTu/ds

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d7fea0f5523e59a97ac093202c1921a_JaffaCakes118

Files

3d7fea0f5523e59a97ac093202c1921a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6040e9b21188009c6dbe21b28f69d9a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellHookProc
DragQueryFile
ShellExecuteA
ShellExecuteW
SheChangeDirA

advapi32

RegQueryInfoKeyA
RegFlushKey
CryptDestroyKey
CryptGetHashParam
RegEnumValueW
InitializeSecurityDescriptor
CryptSetProviderA

user32

GetWindowTextW
HideCaret
SetMessageQueue
DlgDirSelectExW
SendMessageW
GetWindowTextLengthW
GetWindowContextHelpId
RemoveMenu
CountClipboardFormats
GetUpdateRect

kernel32

InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
GetEnvironmentStringsW
GetLocaleInfoA
GetTickCount
WriteFile
QueryPerformanceCounter
RtlUnwind
GetEnvironmentStrings
TlsGetValue
GetSystemTimeAsFileTime
GetCommandLineA
GetStringTypeW
LoadLibraryA
InterlockedIncrement
MultiByteToWideChar
SetEnvironmentVariableA
HeapDestroy
UnhandledExceptionFilter
GetVersionExA
FreeEnvironmentStringsW
InterlockedExchange
GetCPInfo
WideCharToMultiByte
GetLastError
GetUserDefaultLCID
MoveFileA
GetACP
GetProcAddress
GetCurrentProcessId
VirtualAlloc
LCMapStringA
VirtualFree
GetStringTypeA
GetCurrentThreadId
LCMapStringW
HeapFree
GetCurrentThread
SetUnhandledExceptionFilter
GetModuleFileNameA
DeleteCriticalSection
TlsFree
HeapCreate
TlsSetValue
FreeEnvironmentStringsA
IsValidCodePage
TlsAlloc
GetStartupInfoA
GetOEMCP
SetConsoleCtrlHandler
CompareStringW
GetModuleHandleA
SetLastError
GetProcessHeap
GetTimeFormatA
InterlockedDecrement
EnterCriticalSection
SetHandleCount
HeapReAlloc
GetTimeZoneInformation
GetLocaleInfoW
VirtualQuery
IsValidLocale
FreeLibrary
GetCurrentProcess
CompareStringA
HeapAlloc
Sleep
EnumSystemLocalesA
ExitProcess
GetFileType
TerminateProcess
GetStdHandle
HeapSize
GetDateFormatA

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6040e9b21188009c6dbe21b28f69d9a8

Headers

File Characteristics

Imports

shell32

advapi32

user32

kernel32

Sections

.text Size: 147KB - Virtual size: 147KB

.rdata Size: 8KB - Virtual size: 17KB

.data Size: 281KB - Virtual size: 280KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 8KB - Virtual size: 17KB

.data
Size: 281KB - Virtual size: 280KB

.rsrc
Size: 11KB - Virtual size: 10KB