4d782acaf88853e63e1dba71ade61dd6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d782acaf88853e63e1dba71ade61dd6_JaffaCakes118
Size

212KB
MD5

4d782acaf88853e63e1dba71ade61dd6
SHA1

8dbaca17c99e770b84562b0f15962746461219e9
SHA256

96637d14c4a68bce039b2b5e19aef3bd41742f11529b148d56094bbd56271394
SHA512

6a1aec1b36e897ef09ddba969a563b3662e824014c3374a605d05c533061ce6f9b1773139af57be4e1dfc3175c08c67c1c07ba124ba282a6db3c488b530789e5
SSDEEP

3072:6RDHhGreWZboQ2t1ZALf9mSWnWRMfDOigynHxBk0dlAuThVo+lbhcox7jp:MZWZbGzClmWBijRHdlF1Zj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d782acaf88853e63e1dba71ade61dd6_JaffaCakes118

Files

4d782acaf88853e63e1dba71ade61dd6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

590264e566a0231f8c894896826e4445

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

Arc
CreateEllipticRgn
CreateFontIndirectA
CreateFontW
CreatePenIndirect
ExtFloodFill
GdiFlush
GetCurrentPositionEx
GetEnhMetaFileBits
GetNearestColor
GetObjectA
GetStretchBltMode
GetWinMetaFileBits
Polyline
RectInRegion
SetArcDirection
SetStretchBltMode
SetViewportExtEx
TextOutW

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptHashData
CryptReleaseContext
DeleteService
FreeSid
GetTokenInformation
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyW
RegEnumValueA
RegOpenKeyA
RegQueryInfoKeyA
RevertToSelf

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoMarshalInterThreadInterfaceInStream
CoSetProxyBlanket
CreateBindCtx
DoDragDrop
IsEqualGUID
OleGetClipboard
OleRun
RevokeDragDrop
StgOpenStorageOnILockBytes

user32

BeginPaint
DispatchMessageA
DrawEdge
DrawFrameControl
DrawIcon
EndPaint
GetDCEx
GetWindowPlacement
IsDialogMessageA
OemToCharA
PeekMessageA
PostMessageA
RegisterWindowMessageA
RemoveMenu
SetWindowTextA
SetWindowsHookExA
TranslateMessage

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_Draw
ImageList_EndDrag
ImageList_GetDragImage
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControls

kernel32

CreateProcessA
FlushFileBuffers
GetCurrentDirectoryA
GetDriveTypeA
GetEnvironmentStrings
GetFileSize
GetModuleFileNameW
GetOEMCP
GetUserDefaultLangID
GlobalFree
LCMapStringA
OutputDebugStringA
SetEnvironmentVariableA
SetFileTime
WriteConsoleA

shell32

ExtractAssociatedIconW
ExtractIconExA
SHAddToRecentDocs
SHBrowseForFolder
SHGetFolderPathW
Shell_NotifyIconW

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

ZxZOQk8B
Size: 1024B - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590264e566a0231f8c894896826e4445

Headers

File Characteristics

Imports

gdi32

advapi32

ole32

user32

comctl32

kernel32

shell32

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 18KB - Virtual size: 17KB

ZxZOQk8B Size: 1024B - Virtual size: 120KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 18KB - Virtual size: 17KB

ZxZOQk8B
Size: 1024B - Virtual size: 120KB