46e695107d14b5a173b2eafdd8d67575_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46e695107d14b5a173b2eafdd8d67575_JaffaCakes118
Size

108KB
MD5

46e695107d14b5a173b2eafdd8d67575
SHA1

4662a7c6cd332efbd9444346aa15e37263438277
SHA256

57f967ea9c8554f9b475ce0c68311766ec7c753315388ac75a30e805536dc56c
SHA512

246f1abb9c0bc63dc9fe4d0d37a31162680518dbb46b3c568d3908141fbff6020bc39b73c0a4b036a6ee0d9ead5ecd2c308e50db223e13acfabc74cd48e6a49a
SSDEEP

3072:45IHi0i5P2bKo121YvjBl1XlRTbjTONuSVmKMMiU1m9:dCd5P2Oo121KjBl1DfjTONFmKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46e695107d14b5a173b2eafdd8d67575_JaffaCakes118

Files

46e695107d14b5a173b2eafdd8d67575_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9017e2ffa6d64b58375c84d00d42b2d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString
VariantCopyInd
LoadTypeLib
SysAllocStringLen

advapi32

CreateServiceA
ControlService
DeleteService
InitializeSecurityDescriptor
OpenProcessToken
QueryServiceStatus
SetSecurityDescriptorDacl
StartServiceA
AdjustTokenPrivileges
CloseServiceHandle

ole32

WriteClassStm
CoCreateInstance
CoRevokeClassObject
CreateBindCtx
CreateStreamOnHGlobal
OleFlushClipboard
WriteFmtUserTypeStg
CoGetClassObject
StringFromGUID2
ProgIDFromCLSID
OleLockRunning

user32

MessageBoxIndirectA
EnableWindow
DrawMenuBar
DialogBoxParamA
DestroyWindow
SetCursor

shell32

SHGetFileInfoA
SHBindToParent
SHFileOperationA
SHGetMalloc

shlwapi

PathIsRootA
PathIsDirectoryA
PathFileExistsA
PathCompactPathExA
PathAppendA
PathMatchSpecA
PathUnquoteSpacesA
SHAutoComplete
StrStrIA

msvcrt

vsprintf
strcmp
sprintf
rand
_except_handler3
free
getenv
memchr
memmove
memcpy

kernel32

EnumResourceLanguagesA
ExitThread
FlushFileBuffers
FreeResource
GetLastError
GetStartupInfoA
GetVersion
GetVersionExA
HeapAlloc
InterlockedIncrement
LocalAlloc
MapViewOfFile
RtlUnwind
WriteFile
lstrcmpA
lstrcpyA

Exports

Exports

Aig
Elp
Pno
Sec

Sections

.text
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9017e2ffa6d64b58375c84d00d42b2d3

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 28KB

.rdata Size: 33KB - Virtual size: 36KB

.data Size: 22KB - Virtual size: 24KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 25KB - Virtual size: 28KB

.rdata
Size: 33KB - Virtual size: 36KB

.data
Size: 22KB - Virtual size: 24KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB