626f8d1584a67d145c0c338712353b96_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

626f8d1584a67d145c0c338712353b96_JaffaCakes118
Size

115KB
MD5

626f8d1584a67d145c0c338712353b96
SHA1

5cca2ebaf0bc5fd84afe67fb19694aa6cce9849e
SHA256

3a79e817599ef981b7bf5010e3530e7cf82f50c67f40b49457c1d7320db10f24
SHA512

ccee8e1d6330068bcb3708a2d889785da77136744e7ca4dcb4a6f95e7da7b357ec73d402b78c7598d054a3c8d70b3b612c89ec2d4473f69b09b42ac8805e8f34
SSDEEP

3072:AEzqLdoeaJP/uHm+Uo9Jiia4VwWQPgXR4XHni7UJmCpH/b:NzqLaeaGlXm4VwRoXRsidab

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
626f8d1584a67d145c0c338712353b96_JaffaCakes118

Files

626f8d1584a67d145c0c338712353b96_JaffaCakes118
.exe windows:1 windows x86 arch:x86

6fcdf8468b9e51188912735efb641003

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
ExitProcess
GetStringTypeW
LoadResource
GetStringTypeExW
ReadProcessMemory
GetProcAddress
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
VirtualQueryEx
WriteConsoleW
GetSystemTimeAsFileTime
IsBadReadPtr
InterlockedExchange

gdi32

EndPage
GetBkColor
SetTextColor
CreatePen
GetTextMetricsA
SelectObject
GetBkMode
MoveToEx
DeleteObject
Rectangle
SetTextAlign
EndDoc

comdlg32

GetOpenFileNameA
FindTextA
PrintDlgA
GetSaveFileNameA
ChooseFontA

user32

GetKeyState
DrawFrameControl
GetSysColorBrush
ScrollWindowEx
IsIconic
GetDlgItemTextA
CreateIconIndirect
GetUpdateRgn
InflateRect
wsprintfA

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitialize

comctl32

PropertySheetA
ImageList_Create
CreateToolbarEx
InitCommonControlsEx
ImageList_ReplaceIcon
CreatePropertySheetPageA

shell32

SHBrowseForFolderA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetMalloc

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcrt

memcpy
_adjust_fdiv
__p__commode
_controlfp
strcmp
_exit
iswgraph
cosh
_wsopen
__getmainargs
vwprintf
__setusermatherr
_wcsrev
__set_app_type
_heapused
_acmdln
_mbsstr
_XcptFilter
exit
strspn
_initterm
_ismbcl2
_except_handler3
__p__fmode
_execvpe
strtok

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6fcdf8468b9e51188912735efb641003

Headers

File Characteristics

Imports

kernel32

gdi32

comdlg32

user32

ole32

comctl32

shell32

version

msvcrt

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 932B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 932B