607facd3a051f1b8bb1f3824f1c7a389_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

607facd3a051f1b8bb1f3824f1c7a389_JaffaCakes118
Size

134KB
MD5

607facd3a051f1b8bb1f3824f1c7a389
SHA1

797f9225870b06808d628761196555fc776471ab
SHA256

d88066ab7d225373aefcfe6c9b3da74f4c8348bbfef4343844eb08159ffdfd53
SHA512

726eac073a3f75b619fea3198842a572f116e1cd9c7eb988b630d12ce8ad3aa5527b24ce39cfb7afb529639e50c0c7a7457362decedbaf3db39296efadee14da
SSDEEP

3072:gOHf1oiQwiYhKO5IXFmjWG1Xwi6paGf8bP:gO/NtmVmlwisp0bP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
607facd3a051f1b8bb1f3824f1c7a389_JaffaCakes118

Files

607facd3a051f1b8bb1f3824f1c7a389_JaffaCakes118
.exe windows:5 windows x86 arch:x86

016a3f563834106c1f1f9251fdb3a680

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

strrchr
memmove
_wcsupr
_wcsicmp
_chkstk

shell32

DoEnvironmentSubstW
SHGetMalloc
SHGetIconOverlayIndexA
SHFreeNameMappings

shlwapi

StrChrA

kernel32

WriteFileGather
LoadLibraryW
SizeofResource
GetExitCodeProcess
GetModuleHandleW
GetModuleFileNameW
CreateFileW
GetOverlappedResult
GetLogicalDriveStringsA
GetLastError
BackupRead
lstrcmpiA
BeginUpdateResourceA
HeapSetInformation
GetShortPathNameW
CloseHandle
GetThreadTimes
ResumeThread
lstrcpyW
SetFileAttributesW
GetCurrentProcess
GlobalAddAtomA
FindResourceExW
SearchPathW
ReadFile

user32

RegisterClipboardFormatA
LoadIconW
GetIconInfo
DlgDirListA
CreateCursor
DialogBoxParamW
CopyImage
InvalidateRect
GetUpdateRgn
GetDlgItemInt
CountClipboardFormats
GetClipboardOwner
CharToOemA
GetShellWindow
CreateIconFromResource
DestroyCursor
CheckDlgButton
GetMenuItemCount
ValidateRgn
DrawTextW
SetDlgItemTextW
GetDlgItemTextW

gdi32

CreateFontIndirectW
StrokePath
CreateColorSpaceA
WidenPath
AbortPath
SetAbortProc
GetBoundsRect
PtInRegion
FlattenPath
CreateCompatibleDC
SetPixelV
StrokeAndFillPath
UpdateColors
CreateRectRgn
GetNearestPaletteIndex
MaskBlt

winspool.drv

DeviceCapabilitiesW

ole32

OleGetAutoConvert
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CreateOleAdviseHolder

Exports

Exports

?CBhgfbgdshdHJGfydghkjfd@@YGKK@Z
?JHfdhgsHGfsdsdHGsdfd@@YGKKKK@Z
?JHfkujhgJHfsdgJHgfhdkgf@@YGKKK@Z

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.export
Size: 512B - Virtual size: 181B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

016a3f563834106c1f1f9251fdb3a680

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

shell32

shlwapi

kernel32

user32

gdi32

winspool.drv

ole32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 456B

.export Size: 512B - Virtual size: 181B

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 1024B - Virtual size: 610B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 456B

.export
Size: 512B - Virtual size: 181B

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 1024B - Virtual size: 610B