5aa6852771b1a941fa72dea6033f27c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5aa6852771b1a941fa72dea6033f27c7_JaffaCakes118
Size

396KB
MD5

5aa6852771b1a941fa72dea6033f27c7
SHA1

ac5097af9b45706061d9fdb00dbcfa9fcfb6d519
SHA256

03212d3ca50c96f29315ff21d09a66a0d12b1dbe3487ef874d4fb2d7aed85f47
SHA512

417786eeb352cb267751f178febc9c1d134d5a13695937fdd9f24edfb0b788363889a1c3abcdd4e77713c71d468a2a7726bf0989eabb008e9d32ffd3a6c89cd4
SSDEEP

12288:pNvTNiuX2NV00XX4w7UqUr3YtRv+uG7jujPyl:LN924KX4wfUrYtRWjjujKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aa6852771b1a941fa72dea6033f27c7_JaffaCakes118

Files

5aa6852771b1a941fa72dea6033f27c7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_cexit
_wcmdln
exit
_adjust_fdiv
__p__fmode
_controlfp
_c_exit
_XcptFilter
_vsnwprintf
malloc
wcsncpy

ole32

CoRevokeClassObject
CoInitialize
CoRegisterClassObject
CoCreateInstance
StringFromCLSID

advapi32

RegSetValueExW
RegDeleteValueW
CloseServiceHandle

shlwapi

ord174
StrCpyNW
PathRemoveFileSpecW
wnsprintfW
PathRemoveExtensionW

gdi32

GetStockObject
SetBrushOrgEx
CreatePenIndirect
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
SetBkMode
CreateSolidBrush
MoveToEx
Ellipse

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHGetMalloc
SHParseDisplayName
SHGetDesktopFolder

kernel32

SetFileTime
lstrcmpiW
FindNextFileW
WaitForSingleObject
SetEvent
UnmapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadResource
UnhandledExceptionFilter
VirtualAllocEx
WriteFile
GetFullPathNameW
LocalAlloc
LocalFileTimeToFileTime
MapViewOfFile
FreeLibraryAndExitThread
CreateThread
CreateFileW
CreateProcessW
SystemTimeToFileTime
LeaveCriticalSection
CreateEventA
GetTempFileNameW
CreateEventW
GetCurrentProcess
GlobalLock
lstrlenA
MoveFileW
OpenFileMappingW
FormatMessageW
LoadLibraryExW
CopyFileW
GetWindowsDirectoryW
InterlockedDecrement
Sleep
GetShortPathNameW

user32

GetWindowRect
SetCapture
GetParent
GetCapture
GetForegroundWindow
DialogBoxParamW
CopyRect
GetIconInfo
IsWindowVisible
GetPropW
GetDC
CopyIcon
EnableWindow
MessageBoxW
DrawIconEx
DrawTextW
ReleaseDC
IsWindowEnabled
UpdateWindow
DrawTextExW
LoadImageW
DestroyAcceleratorTable
SetWindowTextW
TranslateMessage
MoveWindow
wsprintfW
SetFocus
DrawFocusRect
SendDlgItemMessageW
MapWindowPoints
ShowWindow
RegisterWindowMessageW
IsRectEmpty
KillTimer
GetMessageW
RegisterClassExW
MessageBoxIndirectW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipGetImageRawFormat
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipFree
GdipGetImageDecoders
GdipSaveAddImage
GdiplusShutdown
GdipCloneImage
GdipGetImageWidth

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

advapi32

shlwapi

gdi32

shell32

kernel32

user32

gdiplus

Sections

.text Size: 241KB - Virtual size: 241KB

.data Size: 145KB - Virtual size: 145KB

.rsrc Size: 9KB - Virtual size: 368KB

.text
Size: 241KB - Virtual size: 241KB

.data
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 9KB - Virtual size: 368KB