3e293e9272b8061de1ac22c66de3962e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e293e9272b8061de1ac22c66de3962e_JaffaCakes118
Size

438KB
MD5

3e293e9272b8061de1ac22c66de3962e
SHA1

d413c74ceff1bff04c2635f950acd9a685f76204
SHA256

0f18c9a1e129d32e41847e29321503f70c10178ed4190a79dd362e86591f7188
SHA512

88f4d00cc41ac6d9f1828b07804c47fd44305784f703081e5d4b9286ab0d810066a70725ce7db2b4a0467a671f6293389ba162360f58a872005881cff7f0badd
SSDEEP

12288:jMXzHaMQgIi2demcf4NYpvhpswbwdcAWRilJ/T:oXraMQ5demgUIvhpBs1Oi//T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e293e9272b8061de1ac22c66de3962e_JaffaCakes118

Files

3e293e9272b8061de1ac22c66de3962e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc55ff3a1ec1178489ffae428503837c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSetValueA
RegLoadKeyW
GetSidSubAuthority
IsTextUnicode
GetFileSecurityW
ObjectCloseAuditAlarmA
RegOpenKeyExW
RegEnumKeyExW
SetAclInformation

gdi32

CreateDIBPatternBrushPt
GetMetaRgn
SetROP2
GetTextExtentPointW
CancelDC
GdiGetBatchLimit
GetEnhMetaFileHeader
SetLayout
GetBoundsRect
GetViewportOrgEx
ResetDCA
SetLayout
GetROP2
GetPixel

kernel32

ExitProcess
GetTapeStatus
GetCommandLineW
FindAtomA
lstrcmpA
GetTickCount
GetLongPathNameW
LoadModule
GetCurrentProcess
VirtualAlloc
SetErrorMode
GetNamedPipeInfo
GetStartupInfoW
FlushViewOfFile
GetModuleHandleA
GetCurrentProcess
Sleep
VirtualFree
GetSystemDirectoryW
GetCommModemStatus

user32

GetWindowRgn
CloseWindow
IsChild
IsMenu
CharUpperW
GetMessageTime
GetListBoxInfo
IsWindow
LoadBitmapW
ExcludeUpdateRgn
EmptyClipboard
GetDCEx
EnumPropsA
CreateDialogParamW
GetDoubleClickTime
DefMDIChildProcA
OemToCharBuffA
ChangeClipboardChain
MonitorFromRect

msvcrt

_spawnle
_strdate
_strcmpi
_mbctype
_wfindnext
_mbsinc
_initterm
_mbsdec
localeconv
_exit
_makepath
_ismbclower
iswgraph
_dup
__STRINGTOLD

Sections

.text
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0001
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0002
Size: 36KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0003
Size: 37KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0004
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0005
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0006
Size: 35KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0007
Size: 38KB - Virtual size: 12.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.0008
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc55ff3a1ec1178489ffae428503837c

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

user32

msvcrt

Sections

.text Size: 19KB - Virtual size: 20KB

.data Size: 38KB - Virtual size: 46KB

.0001 Size: 39KB - Virtual size: 40KB

.0002 Size: 36KB - Virtual size: 43KB

.0003 Size: 37KB - Virtual size: 46KB

.0004 Size: 38KB - Virtual size: 38KB

.0005 Size: 38KB - Virtual size: 38KB

.0006 Size: 35KB - Virtual size: 41KB

.0007 Size: 38KB - Virtual size: 12.9MB

.0008 Size: 119KB - Virtual size: 120KB

.text
Size: 19KB - Virtual size: 20KB

.data
Size: 38KB - Virtual size: 46KB

.0001
Size: 39KB - Virtual size: 40KB

.0002
Size: 36KB - Virtual size: 43KB

.0003
Size: 37KB - Virtual size: 46KB

.0004
Size: 38KB - Virtual size: 38KB

.0005
Size: 38KB - Virtual size: 38KB

.0006
Size: 35KB - Virtual size: 41KB

.0007
Size: 38KB - Virtual size: 12.9MB

.0008
Size: 119KB - Virtual size: 120KB