40cfed09fc43dea739f03b65cce94893_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

40cfed09fc43dea739f03b65cce94893_JaffaCakes118
Size

511KB
MD5

40cfed09fc43dea739f03b65cce94893
SHA1

a3d0e53faa47c801cf8ccd69c3442c26f06aa124
SHA256

1af87024f12d89aefbfff8eb0eb7b9bfc43cf37e1b40384936198778435da2a8
SHA512

80f333e4083e2ac73dda3804ea94b208ea516ba2f04e8e2869cba2bb6879132acc24535cdaf4d250fcb8a417dd512350635edad7435cb03d8acf5fae632f5517
SSDEEP

3072:YuB2wwIYplbCIt3dgRtJQcisHjXNmyGE5t+:z25VCIlyTJQMj1x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40cfed09fc43dea739f03b65cce94893_JaffaCakes118

Files

40cfed09fc43dea739f03b65cce94893_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2794914636587f3d1a4ee178b2e747f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitiateSystemShutdownA
GetSidIdentifierAuthority
LockServiceDatabase
IsValidSecurityDescriptor
QueryServiceConfigA
RegConnectRegistryW
MakeAbsoluteSD
AllocateAndInitializeSid

kernel32

ExitProcess
_lread
IsDBCSLeadByteEx
DuplicateHandle
RaiseException
CopyFileExW
GetOEMCP
GetDiskFreeSpaceExA
SetProcessAffinityMask
SetErrorMode
RemoveDirectoryA
FindFirstFileA
GetCurrentDirectoryW
GetFileAttributesA
GlobalDeleteAtom
GlobalFlags
FindResourceExA
QueryDosDeviceW
GlobalFindAtomW
InitializeCriticalSection
ReadConsoleA
GetCommModemStatus
lstrcmpA
GlobalReAlloc
ReadDirectoryChangesW
GlobalFindAtomA
EnumCalendarInfoW
CreateEventA
LocalFileTimeToFileTime
GetLocaleInfoW
GetPrivateProfileStringA
SetMailslotInfo
QueryDosDeviceA
VirtualQuery
GenerateConsoleCtrlEvent
WritePrivateProfileSectionW
IsBadStringPtrA
AllocConsole
SetEnvironmentVariableA
GetSystemTimeAsFileTime
FreeLibraryAndExitThread
CloseHandle
_lclose
WaitNamedPipeA
GlobalFree
DeleteCriticalSection
GlobalUnlock
EnumResourceNamesW
SetTimeZoneInformation
VirtualUnlock
_llseek
SetConsoleTitleA
GetFileType
GetACP
MoveFileW
EnumCalendarInfoA
EnumResourceLanguagesW
WriteProcessMemory
DeleteFiber

oleaut32

SafeArrayRedim
SysStringLen
VariantCopy
SysFreeString
VariantChangeType
SafeArrayPutElement
SafeArrayCreate
SetErrorInfo
SysAllocStringLen
LoadTypeLibEx

user32

DrawFocusRect
RegisterWindowMessageW
GetDoubleClickTime
GetMenuItemInfoW
OemToCharA
SendMessageA
SetClassLongA
LoadStringA
LoadCursorFromFileW
DefDlgProcW
SetClassLongW
GetWindowTextA
CopyImage
BeginDeferWindowPos
NotifyWinEvent
GetWindowLongW
WindowFromPoint
GetMessageA
MessageBoxA
DefDlgProcA
SetWindowPlacement
EnableMenuItem
GetWindowDC
MessageBoxW
DragDetect
DrawStateW
SetMenu
CreateDialogParamA

ole32

OleInitialize
CoTaskMemRealloc
PropVariantCopy
CoGetInterfaceAndReleaseStream
StgOpenStorage
CreateStreamOnHGlobal

Sections

.text
Size: 7KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2794914636587f3d1a4ee178b2e747f2

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

user32

ole32

Sections

.text Size: 7KB - Virtual size: 223KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 263KB - Virtual size: 262KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 223KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 263KB - Virtual size: 262KB

.rsrc
Size: 16KB - Virtual size: 16KB