40516c603a1954676d60911c2e65c7be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40516c603a1954676d60911c2e65c7be_JaffaCakes118
Size

230KB
MD5

40516c603a1954676d60911c2e65c7be
SHA1

9c3f55e66df8f9c4a4e082673104ee2c0e1aa0b8
SHA256

d78078825ffe329fe170e3bc0199cdcb3d60d1bf42c03ef7d0f0f3f3441bc8e2
SHA512

669af5ca1bf4795407392d69f52c2ed9546017addaf9d26bfeeee579f9c42958d35bc0b4c3a41af65033f4e0b155ed296864de3472b1db3e322d65eef8aad9ae
SSDEEP

6144:IexMhM+1igw4IktbYnM1xRtLmi7Le+dLxUeh1hqvjo/FEyU:lClqAt8MHRZhLWeh1eoah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40516c603a1954676d60911c2e65c7be_JaffaCakes118

Files

40516c603a1954676d60911c2e65c7be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

685135178cabfbe2a09dabbae30f7e5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseColorW

msvcrt

__set_app_type
fputc
__setusermatherr
memset
_adjust_fdiv
strncmp
fread
strncpy
signal
__p__fmode
_snprintf
_except_handler3
free
__getmainargs
strstr
_vsnprintf
strlen
_acmdln
_cexit
_exit
printf
fprintf
exit
atan2
_errno
_iob
_XcptFilter
fopen
__p__commode
calloc
_write
_initterm
_stricmp
wcslen
strcmp

kernel32

WideCharToMultiByte
GlobalAlloc
MultiByteToWideChar
GetFileType
CreateDirectoryA
CreateProcessA
FreeEnvironmentStringsA
IsBadWritePtr
CreateFileMappingA
CompareFileTime
SetThreadLocale
lstrlenA
lstrcmpiW
ExitProcess
VirtualProtect
DeviceIoControl
GetCurrentProcess
GlobalLock
Sleep
RemoveDirectoryA
FileTimeToDosDateTime
GetStartupInfoA
GetModuleHandleA
IsDBCSLeadByte

oleaut32

VariantCopy
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetElement
CreateErrorInfo
SafeArrayGetUBound
SafeArrayCreate
SysStringByteLen
SafeArrayPutElement
SetErrorInfo
SysFreeString
VariantClear
SysAllocStringByteLen

advapi32

LookupPrivilegeValueA
RegCreateKeyA
CryptCreateHash
DeregisterEventSource
RegSetValueExA
GetSecurityDescriptorDacl
RegQueryInfoKeyA
RegEnumKeyA
AddAccessAllowedAce
GetTokenInformation
ControlService
CryptAcquireContextA
RegSetValueExW
RegDeleteValueA
OpenSCManagerW
IsValidSid
RegDeleteKeyA

user32

SetClassLongA
ScreenToClient
FillRect
RemoveMenu
SetScrollInfo
SetCursor
UpdateWindow
RegisterClassA
GetDCEx
SetCapture
IsIconic
GetWindowPlacement
WaitMessage
DrawTextA
GetParent
DrawMenuBar

ole32

CoInitialize
OleUninitialize
OleInitialize
IsAccelerator
StringFromGUID2
StgCreateDocfileOnILockBytes
OleSetClipboard
CreateStreamOnHGlobal
CoSetProxyBlanket
OleDraw
OleGetClipboard
CoUninitialize
CreateBindCtx
CoRegisterClassObject
CoRegisterMessageFilter

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685135178cabfbe2a09dabbae30f7e5e

Headers

File Characteristics

Imports

comdlg32

msvcrt

kernel32

oleaut32

advapi32

user32

ole32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 113KB - Virtual size: 178KB

.rsrc Size: 110KB - Virtual size: 109KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 113KB - Virtual size: 178KB

.rsrc
Size: 110KB - Virtual size: 109KB