63f841b75f7065aa5a35487ae91b809f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63f841b75f7065aa5a35487ae91b809f_JaffaCakes118
Size

200KB
MD5

63f841b75f7065aa5a35487ae91b809f
SHA1

b540f319ff74ae4051fd802ec44caae58b55ea84
SHA256

575626760d9dcb1a2a0fc9ca01ca8dd4789832a7552e45d36f5e1fb638c0c88b
SHA512

97dd84199eeaf4897b8214a4a3c87733f11d94b097d05f61c5e07dc803ab6935294b11ffd89333ad73fd492bac934022d8be0c259ce58278ab9b4863a3f2879b
SSDEEP

3072:wvgkZ+Uv4xMbOENR9CYTDkb1nXwHUtEWwfMsGD3HeOiaijMWm4pqhC:nGaEcXwZUsSM3jWJA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63f841b75f7065aa5a35487ae91b809f_JaffaCakes118

Files

63f841b75f7065aa5a35487ae91b809f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4dfb1f37ae9f11b8da61f9e2671d09a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_controlfp
wcscspn
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_exit
wcsncat
free
_XcptFilter
malloc
strtoul
wcsspn

advapi32

RegCloseKey

kernel32

SizeofResource
GetModuleHandleA
GetFileSize
GetStartupInfoA
LocalAlloc
LocalFree
SetErrorMode
GetCommandLineW
CloseHandle
GetLastError
lstrlenW
WriteFile
ReadFile
MulDiv
GetProcAddress
LockResource
LoadResource
lstrlenA
lstrcmpiA
SetFilePointer
WideCharToMultiByte
FindClose

gdi32

CreateSolidBrush
CreateCompatibleDC
GetMapMode
SetMapMode
SelectObject
BitBlt
DeleteDC
DeleteObject
GetDeviceCaps

user32

CheckDlgButton
GetParent
EnableWindow
DrawEdge
IsWindowEnabled
GetSystemMetrics
FillRect
OffsetRect
GetSysColorBrush
FrameRect
InflateRect
DrawFocusRect
SetFocus
GetWindowRect
GetSysColor
IsDlgButtonChecked
GetDlgItem
EnumWindows
wsprintfA
MsgWaitForMultipleObjects
InvalidateRect
GetClientRect
GetDC
ReleaseDC
BeginPaint
EndPaint
IsWindow

shlwapi

SHSetValueW
ord473
ord346
ord145
ord52
ord53
ord143
ord84
ord130
ord65
ord403
ord85
ord43
ord341
ord217
ord215
ord122
SHGetValueW
PathCombineW
StrToIntExW
StrCpyW
ord338
PathIsDirectoryW
PathCanonicalizeW
PathRelativePathToW
PathAppendW
StrCpyNW
StrCmpIW
StrCatBuffW
PathFindExtensionW
StrCmpNIW
wnsprintfW
StrStrIW
PathRemoveFileSpecW
PathUnExpandEnvStringsW
PathMakeSystemFolderW
SHRegisterValidateTemplate
PathFindFileNameW
StrChrW
StrCmpW
ord97
ord73
ord56
ord37
ord340
ord107
ord75
ord60
ord50
ord116
ord112
ord295
ord298
ord294
ord312
ord66
ord57
ord128
ord125
ord441
ord366
ord90
ord136
ord141
ord394
ord335
ord369
ord474
ord105
ord457
ord309
ord94
ord306
ord71
ord117

comctl32

ord324
ord320
ord321
ord322
PropertySheetW
CreatePropertySheetPageW

shell32

ord709
SHGetFolderPathW
ord42

ole32

StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize

comdlg32

ChooseColorA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4dfb1f37ae9f11b8da61f9e2671d09a7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shlwapi

comctl32

shell32

ole32

comdlg32

Sections

.text Size: 28KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 24KB - Virtual size: 23KB

.text Size: 140KB - Virtual size: 140KB

.text
Size: 28KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 140KB - Virtual size: 140KB