5a6fab6b5595f2e24b1e9c88bb3970d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a6fab6b5595f2e24b1e9c88bb3970d4_JaffaCakes118
Size

177KB
MD5

5a6fab6b5595f2e24b1e9c88bb3970d4
SHA1

f9c12e6db6677bca9b016b75d159b677cd7bdac0
SHA256

3548f742ee5f75734703310c9f32420436c7447c84761333ab5753b11056bac9
SHA512

cdc7ba205fb33f5a065773f773a06aaaebc8a7a3df905c4b9b4ab0fe232b3072643eebd7bb31414efdcb7bdc5b7b4573691a8c3fc7709006260102452ddc7fed
SSDEEP

3072:SPu6bY3EypAWW7SHOeqrnleFXY5FzCc4oesNDlJSl5Y1zltp6TFkltXIRzatMzoe:SPu676AW6SueQle08c4odNhJSANl+SXp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a6fab6b5595f2e24b1e9c88bb3970d4_JaffaCakes118

Files

5a6fab6b5595f2e24b1e9c88bb3970d4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00b8f18b5b80b789cfa80f46e979a715

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
OleInitialize
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
OleUninitialize
CoInitialize

user32

PostMessageW
ScreenToClient
GetClientRect
GetSysColor
LoadImageW
DrawTextW
InflateRect
ReleaseCapture
UnionRect
ClientToScreen
GetSysColorBrush
GetWindowRect
SetTimer
GetDesktopWindow
GetParent
OffsetRect
KillTimer
SetCapture
EnableWindow
DestroyMenu
SetWindowLongW
FrameRect
SetRect
CopyRect
CreatePopupMenu
GetDC
SetRectEmpty
ReleaseDC
IsWindow
SendMessageW
IntersectRect
IsRectEmpty
UpdateWindow
GetSystemMetrics
SetForegroundWindow
DefWindowProcW
FillRect
SetFocus
GetCursorPos
SetCursor
PtInRect
FindWindowExW
GetWindowLongW
EqualRect
TrackPopupMenuEx
DrawFocusRect
LoadCursorW
ShowScrollBar
GetActiveWindow
IsWindowVisible
wsprintfW
BringWindowToTop
InvalidateRect

shell32

SHGetDesktopFolder
DragQueryFileW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoW

advapi32

RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegDeleteKeyW

avifil32

AVISaveOptions
AVIMakeCompressedStream

kernel32

MultiByteToWideChar
CreateThread
InterlockedExchange
FindNextChangeNotification
ReplaceFileW
FindClose
CloseHandle
FileTimeToSystemTime
FindFirstChangeNotificationW
GlobalLock
GetThreadLocale
GetVersionExW
FindFirstFileW
GetACP
InterlockedIncrement
GetProcessId
Sleep
InitializeCriticalSection
ResetEvent
FindCloseChangeNotification
DeleteCriticalSection
GetLocaleInfoA
WaitForSingleObject
GetDriveTypeW
GetTickCount
GetLastError
EnumResourceTypesA
GlobalReAlloc
GetFullPathNameW
lstrlenW
GetModuleFileNameA
GetSystemTimeAsFileTime
ExitProcess
GlobalAlloc
GetModuleHandleW
MulDiv
WideCharToMultiByte
lstrlenA
GetProcAddress
EnterCriticalSection
GlobalUnlock
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
FreeLibrary
lstrcpynW
SetEvent
InterlockedDecrement
CreateEventW
DisableThreadLibraryCalls
QueryPerformanceCounter
FileTimeToLocalFileTime
GetVersionExA

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

00b8f18b5b80b789cfa80f46e979a715

Headers

File Characteristics

Imports

ole32

user32

shell32

advapi32

avifil32

kernel32

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 69KB - Virtual size: 69KB

.tls Size: 1024B - Virtual size: 248KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 69KB - Virtual size: 69KB

.tls
Size: 1024B - Virtual size: 248KB