Static task
static1
Behavioral task
behavioral1
Sample
4c7f59d39ad2102214fb0dac6412677f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4c7f59d39ad2102214fb0dac6412677f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
4c7f59d39ad2102214fb0dac6412677f_JaffaCakes118
Size
146KB
MD5
4c7f59d39ad2102214fb0dac6412677f
SHA1
72ed95b4f0787b521cc5ada069da69878dddb511
SHA256
c5b75391763ac0ae3cb107bc06944a827409dc039c832db9a8ec77f9e25e549a
SHA512
67c5c8e516d2f7e3ddb87b0f851f66328dd8b73423ad7727a933d1100060fe4a3bf6ebe75824a88e40b5b7bd2399e0424a79544a43e9ce38b9431b9729fa62d2
SSDEEP
3072:ufzNZy8c8sZ26bAcz23MR1xLS57+/bGc07bI6b67ETZUBrxeuD:uhZ5uDj/bGcgBwETZUqi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4c7f59d39ad2102214fb0dac6412677f_JaffaCakes118
Files
4c7f59d39ad2102214fb0dac6412677f_JaffaCakes118.exe windows:4 windows x86 arch:x86
37c8749c5bc257f05a253daa5e8a5ba8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
SetFileAttributesW
GetModuleFileNameW
DeviceIoControl
GlobalLock
GetExitCodeProcess
GetModuleHandleW
lstrcpynA
GetStringTypeA
GetDateFormatA
WriteConsoleA
VirtualProtect
DeleteFileA
GetDiskFreeSpaceA
SystemTimeToFileTime
GetModuleHandleA
GetEnvironmentStringsW
GetStartupInfoA
IsValidCodePage
FileTimeToDosDateTime
msvcrt
_putenv
__set_app_type
_acmdln
_adjust_fdiv
_exit
wcsstr
pow
_except_handler3
_XcptFilter
_wfopen
__p__commode
_get_osfhandle
__setusermatherr
_vsnwprintf
strerror
__p__fmode
_controlfp
swprintf
__getmainargs
_initterm
log10
exit
oleaut32
SysStringByteLen
VariantCopyInd
SysFreeString
SysAllocStringLen
GetErrorInfo
VariantInit
SafeArrayPtrOfIndex
GetActiveObject
SafeArrayGetUBound
gdi32
EnumFontsA
OffsetRgn
OffsetViewportOrgEx
GetTextAlign
GetViewportOrgEx
GetMetaFileBitsEx
EnumFontFamiliesExA
AddFontResourceA
StretchBlt
OffsetWindowOrgEx
advapi32
LookupPrivilegeValueW
OpenServiceA
RegOpenKeyW
SetSecurityDescriptorGroup
AllocateAndInitializeSid
CheckTokenMembership
RegEnumValueW
GetUserNameA
FreeSid
GetLengthSid
DeregisterEventSource
InitializeSecurityDescriptor
user32
GetTopWindow
MessageBoxA
DrawIconEx
SetWindowPos
RemovePropA
CallNextHookEx
LoadStringA
comctl32
ImageList_LoadImageA
CreateToolbarEx
ImageList_Create
InitCommonControlsEx
ImageList_GetImageInfo
shell32
DoEnvironmentSubstW
SHGetSpecialFolderPathA
Shell_NotifyIconW
ExtractIconExA
FindExecutableW
ole32
CoCreateGuid
StringFromGUID2
StgCreateDocfileOnILockBytes
StringFromCLSID
CoRegisterMessageFilter
CoInitializeSecurity
CoUninitialize
CLSIDFromProgID
IsAccelerator
IsEqualGUID
RevokeDragDrop
OleDraw
OleSetMenuDescriptor
version
GetFileVersionInfoSizeW
VerQueryValueW
VerLanguageNameA
GetFileVersionInfoSizeA
VerQueryValueA
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 18KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 106KB - Virtual size: 134KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zwsgafp Size: - Virtual size: 72KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE