Static task: static1
Behavioral task: behavioral1
Sample: 5bc87f8938b2f6c00713b681bf9f3e6e_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 5bc87f8938b2f6c00713b681bf9f3e6e_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5bc87f8938b2f6c00713b681bf9f3e6e_JaffaCakes118
Size: 2.0MB
MD5: 5bc87f8938b2f6c00713b681bf9f3e6e
SHA1: df31fe8fdd8e50d8d6193c859468a2c8a2856902
SHA256: da7e61fe178fbb10756f32e12d379d53f4ba325b632e0b543621116e82e84919
SHA512: 35a3592ffa246a34bb213575dc852d81887e6f9fedd991bd9f6b3976ad12c4c94142cf7d9f8181aa8174a13d67058f428af63f5cba9ead24e7e5ab12d8b4a4ae
SSDEEP: 24576:XdH1dJntd4tP9FYIaPm0nWBehqYT15x4H686jt+CZmMvWNbxCCY2kXdIFZeZH4/D:XJjJTkPx0nJZYHatVZAbxo2cdI6ZY/GO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5bc87f8938b2f6c00713b681bf9f3e6e_JaffaCakes118
Files
5bc87f8938b2f6c00713b681bf9f3e6e_JaffaCakes118.exe windows:4 windows x86 arch:x86
82e220505ee6a59fd105b80f5e7216c4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
GdiComment
TranslateCharsetInfo
EndPath
PlayEnhMetaFile
oleaut32
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayPutElement
QueryPathOfRegTypeLi
user32
LoadIconW
PeekMessageW
ChildWindowFromPoint
GetClassNameA
UnregisterHotKey
DefWindowProcW
OemToCharBuffW
FillRect
CreateIconIndirect
SendMessageA
GetAsyncKeyState
IsDialogMessageW
SwitchToThisWindow
MapVirtualKeyW
GetMessageW
GetUserObjectSecurity
IsWindow
IsCharAlphaW
DrawFrameControl
CloseClipboard
LoadCursorFromFileW
GetKeyboardLayout
CopyRect
wsprintfA
LoadCursorA
AppendMenuA
SetUserObjectSecurity
kernel32
GetCurrentProcessId
CancelIo
EnumTimeFormatsW
DeleteCriticalSection
ReadFile
WritePrivateProfileStringW
DeleteFiber
ExitProcess
GlobalFree
GetUserDefaultLangID
SetCurrentDirectoryA
CompareStringA
GetPrivateProfileStringA
version
VerInstallFileA
ws2_32
WSASetServiceA
WSAAddressToStringW
WSAIsBlocking
shutdown
WSAEnumNetworkEvents
WSAAsyncGetProtoByNumber
WSADuplicateSocketA
WSASendTo
WSARecvDisconnect
WSAGetServiceClassInfoA
comctl32
ImageList_SetOverlayImage
CreatePropertySheetPageW
_TrackMouseEvent
ImageList_Add
advapi32
RegSetKeySecurity
OpenEventLogW
SetSecurityInfo
RegGetKeySecurity
ChangeServiceConfigW
RegFlushKey
RegisterEventSourceA
RegEnumKeyExA
CreateProcessAsUserA
QueryServiceStatus
RevertToSelf
BuildTrusteeWithNameW
GetSecurityDescriptorSacl
SetPrivateObjectSecurity
CryptGetProvParam
SetServiceObjectSecurity
GetPrivateObjectSecurity
SetFileSecurityW
RegSaveKeyA
msvcrt
iswcntrl
_ecvt
isupper
freopen
getchar
_wchdir
qsort
system
strncpy
_mbscpy
strerror
Sections
.text Size: 2KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 6B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ