5a824d4a0395638eb3fa1a26ea80fcb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5a824d4a0395638eb3fa1a26ea80fcb6_JaffaCakes118
Size

377KB
MD5

5a824d4a0395638eb3fa1a26ea80fcb6
SHA1

d2f0acdfa48bdc27c803131a4c04d315f733b2f6
SHA256

d7372ff06d433786fd9287fa27f7c2b6f480ed31f861cea51291252a550ff7f2
SHA512

0ec047de62dfc9036f75249e2d8c4cd24061cbd6afa49c5c671ff035cc4eb199ed08711afa931bb3be31f54c67fad2262b7c0c7da378f8b93b2c75cb214bcc9a
SSDEEP

6144:HR7Yt+GzHM+sd4NnkjkUamgDXSgg48dIhfYQeq3sTDMZbx4nzoTV:xEJs/d4GkagDCg58gQQWTDMZb5TV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5a824d4a0395638eb3fa1a26ea80fcb6_JaffaCakes118

Files

5a824d4a0395638eb3fa1a26ea80fcb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f7f5918d6ccc8cbc3242cf25d53756a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventW
RegCreateKeyExA
RegQueryInfoKeyA
StartServiceW
RegQueryValueExA
CryptCreateHash
RegReplaceKeyW
RegCreateKeyW
RegQueryValueExW
RegSetValueW

gdi32

PlayMetaFile
CopyEnhMetaFileW
GetTextFaceW
GetObjectType
ExtCreateRegion
CreateMetaFileA
GetTextFaceA
EndDoc

shell32

ShellAboutW
ExtractIconW
SHGetDataFromIDListA
SHUpdateRecycleBinIcon
SHEmptyRecycleBinA
RealShellExecuteA
DragQueryFileAorW
SHGetSpecialFolderLocation
SheGetDirA
FreeIconList
SHLoadInProc
SHGetSettings
SHGetPathFromIDListA
SHGetSpecialFolderPathW
SHGetDiskFreeSpaceA
DragQueryFile
DragFinish
RealShellExecuteExA
RealShellExecuteW

user32

SetWindowWord
CloseWindow
EnumClipboardFormats
GetScrollBarInfo
CreateMenu
RegisterWindowMessageA
DlgDirSelectExW
ReleaseDC
EnumDesktopWindows
SetWindowsHookExW
PtInRect
RegisterClassExA
GetClassInfoExA
GetClipboardViewer
GetKBCodePage
GetMonitorInfoW
ValidateRect
DefDlgProcW
GetMenuState
PostMessageW
EndPaint
InsertMenuItemA
GetScrollRange

kernel32

VirtualAlloc
GetProcAddress
DebugActiveProcess
InterlockedExchange
Sleep
GetModuleFileNameA
GetVersionExA
EnumDateFormatsA
QueryPerformanceCounter
GetCurrentProcessId
CreateFileW
SetThreadIdealProcessor
TlsSetValue
GetLocaleInfoA
SetLocaleInfoA
WriteConsoleW
GetProcessHeap
VirtualQuery
RtlUnwind
GetPrivateProfileSectionA
GetStartupInfoW
GetPrivateProfileSectionNamesW
GetCurrentThreadId
LocalFileTimeToFileTime
WaitCommEvent
ExitProcess
GetSystemTimeAsFileTime
GetTickCount
GetConsoleOutputCP
GetConsoleCursorInfo
GlobalHandle
HeapReAlloc
OpenFileMappingA
EnumSystemLocalesW
HeapFree
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetAtomNameA
LocalAlloc
HeapAlloc
GetSystemTimeAdjustment
GetModuleHandleA

comdlg32

PageSetupDlgW
GetFileTitleA
ReplaceTextA
PageSetupDlgA
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
ChooseFontW
ChooseColorW
FindTextW
ChooseColorA
FindTextA
ReplaceTextW

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f7f5918d6ccc8cbc3242cf25d53756a

Headers

File Characteristics

Imports

advapi32

gdi32

shell32

user32

kernel32

comdlg32

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 263KB - Virtual size: 263KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 263KB - Virtual size: 263KB

.rsrc
Size: 6KB - Virtual size: 6KB