40382b9f1e129d714f812cf77f5350d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40382b9f1e129d714f812cf77f5350d7_JaffaCakes118
Size

150KB
MD5

40382b9f1e129d714f812cf77f5350d7
SHA1

4733a8b9ad6e6e115392aaf696c49d956f542c8e
SHA256

41844c4a79c7de15fed3131b6f364cb420d60d12328b44bdfdcef91ee59c8b90
SHA512

c4dcb0f923b1d0f3e1c258785a93072989a31ecb099bed876970404586f5888832a5650a918cb7c58913036ec6d196a619efbb0c862e43d6d79a1ea6f9c4504c
SSDEEP

3072:uHg0LyqLIa4EfhXSd6jahX2D+Q9+hI/EaueY7h+ABpMNBY6eTbXcm6UyUupl:uxt9FSdZ4+Q9dEaueYJpMfY6eTb6/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40382b9f1e129d714f812cf77f5350d7_JaffaCakes118

Files

40382b9f1e129d714f812cf77f5350d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9282631c77dc88c0169eb91538834cce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_adjust_fdiv
__set_app_type
__pioinfo
_except_handler3
_initterm
sscanf
_XcptFilter
_controlfp
localtime
__getmainargs
strstr
__p__commode
ctime
_getcwd
_acmdln
exit
__setusermatherr
_wcslwr
fputc
__lc_codepage
_fullpath
fflush
__p__fmode
fgetpos
log10
_wcsnicmp

kernel32

GetStringTypeA
UnhandledExceptionFilter
GetModuleHandleA
GetStdHandle
GetStartupInfoA
LocalAlloc
ExpandEnvironmentStringsA
SetHandleCount
VirtualProtect
FlushFileBuffers
GetThreadLocale

user32

PeekMessageA
SetRect
IsWindowVisible
GetMenu
IsRectEmpty
EnumThreadWindows
DrawMenuBar
GetMenuState
BeginPaint
SetTimer
GetWindowTextA
GetActiveWindow

comctl32

CreateStatusWindowA
PropertySheetA
ImageList_Add
CreatePropertySheetPageA
ImageList_SetOverlayImage
ImageList_AddMasked
ImageList_LoadImageA
ImageList_GetBkColor
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_Remove
ImageList_Create
ImageList_BeginDrag
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_SetIconSize

oleaut32

VariantCopy
SafeArrayPutElement
VariantCopyInd
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SetErrorInfo

advapi32

RegDeleteValueW
RegEnumKeyW
GetLengthSid
CryptDestroyHash
CheckTokenMembership

gdi32

PlayMetaFile
EnumFontsA
CloseEnhMetaFile
SetDIBits
StrokeAndFillPath
StretchBlt

version

GetFileVersionInfoA
VerLanguageNameA
VerInstallFileA
VerQueryValueW

shell32

ExtractIconExA
SHGetPathFromIDListA
SHGetFileInfo
SHGetSettings
ExtractAssociatedIconW
SHGetFileInfoA

ole32

CoCreateInstance
CreateBindCtx
CoUninitialize
PropVariantClear
StgOpenStorage
CoTaskMemAlloc

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9282631c77dc88c0169eb91538834cce

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

comctl32

oleaut32

advapi32

gdi32

version

shell32

ole32

Sections

.text Size: 19KB - Virtual size: 18KB

.data Size: 18KB - Virtual size: 40KB

.rsrc Size: 112KB - Virtual size: 112KB

.text
Size: 19KB - Virtual size: 18KB

.data
Size: 18KB - Virtual size: 40KB

.rsrc
Size: 112KB - Virtual size: 112KB