3f897e22a984b385d7d32446b334d6a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f897e22a984b385d7d32446b334d6a1_JaffaCakes118
Size

390KB
MD5

3f897e22a984b385d7d32446b334d6a1
SHA1

bf57884e20c617990fe4cd9bfa840a11c4f5c158
SHA256

2b00f017aef9a11e8d1aeb20c887a7c3752cb909e6dffb28dc2aae2e11ccafb8
SHA512

b439c8a1eaba9cce0e9d22a6b320ccd32f506a3561b75504976616e42f1b226da6c8150133830d673e631cfcc235921d919afb6792036e15c1b6150c8dc0f380
SSDEEP

6144:ifPougIPEfM5ipA8sqfaTzbN59rZybSVcwaX8iBUiaFp9KbwPyOiB:ifPouDPEfb+qfaB5ySG3m9Kb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f897e22a984b385d7d32446b334d6a1_JaffaCakes118

Files

3f897e22a984b385d7d32446b334d6a1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb842b4138aeb7b7fa4b34776f384c9b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SelectClipPath
SetMapMode
CloseFigure
CreateICA
StartPage
GetPaletteEntries
GetTextExtentExPointA
GetGlyphOutlineW
DeleteObject
GetCharWidthFloatA
GetGlyphOutline
PathToRegion
RoundRect
TranslateCharsetInfo
EnumFontFamiliesExA
GdiPlayScript
EnumFontFamiliesA

shell32

SHBrowseForFolderA
SHGetInstanceExplorer
SHGetSpecialFolderPathW
SheChangeDirExW
ShellExecuteW

user32

GetDialogBaseUnits
SendMessageW
IsDialogMessage
ExitWindowsEx
SetWindowWord

comdlg32

PrintDlgW
ChooseColorA
PageSetupDlgA
ChooseFontW

kernel32

GetModuleFileNameA
GetCurrencyFormatW
FreeEnvironmentStringsA
GetFileType
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessAffinityMask
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
GetCurrentProcess
HeapFree
WriteFile
GlobalCompact
TlsGetValue
GetCurrentThread
GetTickCount
TerminateProcess
HeapReAlloc
lstrlenA
WideCharToMultiByte
HeapValidate
GetStartupInfoA
GetEnvironmentVariableA
GetStartupInfoW
HeapAlloc
GetEnvironmentStrings
HeapDestroy
DeleteCriticalSection
VirtualFree
GetVersion
RtlUnwind
GetProcAddress
GetCurrentProcessId
GetCommandLineA
TlsFree
InterlockedExchange
IsBadWritePtr
SetHandleCount
HeapCreate
EnterCriticalSection
SetComputerNameA
GetStdHandle
GetCommandLineW
GetModuleFileNameW
GetLastError
QueryPerformanceCounter
ExitProcess
LeaveCriticalSection
lstrcpynW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
TlsSetValue
VirtualQuery
LoadLibraryA
GetCurrentThreadId
VirtualAlloc
SetLastError
GetModuleHandleA
MultiByteToWideChar

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb842b4138aeb7b7fa4b34776f384c9b

Headers

File Characteristics

Imports

gdi32

shell32

user32

comdlg32

kernel32

Sections

.text Size: 112KB - Virtual size: 112KB

.data Size: 266KB - Virtual size: 269KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 112KB - Virtual size: 112KB

.data
Size: 266KB - Virtual size: 269KB

.rsrc
Size: 10KB - Virtual size: 10KB