Static task
static1
Behavioral task
behavioral1
Sample
63d2b4a44d482c4eb68adccf0397648c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
63d2b4a44d482c4eb68adccf0397648c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
63d2b4a44d482c4eb68adccf0397648c_JaffaCakes118
Size
106KB
MD5
63d2b4a44d482c4eb68adccf0397648c
SHA1
131d6999f81f7a9aa933278a77189d3764e669c4
SHA256
2bdf36503008b59ada9e23fcd62be17ffaa17bb69c8e4b97ce2bcbc593dc63e7
SHA512
cff052b2d0075abb1e8f6a974e4a23580501f8a93c06daf555f3d115a6c9557b2e89e030e7d930ef397922e832de3dd9a66f7595cbc471f2318ae91784a88b6e
SSDEEP
1536:4GM5j20yxng7800H+fjaVzenfstniQTgjWI4oiNbr7Hm+:bIC0HQzHwIzekt30xer7Hm+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 63d2b4a44d482c4eb68adccf0397648c_JaffaCakes118
Files
63d2b4a44d482c4eb68adccf0397648c_JaffaCakes118.exe windows:4 windows x86 arch:x86
6ce54a313c8aa4d5a6c1c9a70164cf8b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
VirtualProtect
WaitForSingleObject
GetUserDefaultLangID
SystemTimeToFileTime
GetModuleHandleA
TerminateProcess
RtlUnwind
GetStartupInfoA
user32
LoadBitmapA
GetCapture
GetDC
PeekMessageA
PostMessageA
OffsetRect
EnumThreadWindows
RemovePropA
LoadIconA
GetSysColor
SendDlgItemMessageA
msvcrt
__set_app_type
_vsnwprintf
_except_handler3
__p__commode
_controlfp
cos
_lseeki64
_wcsnicmp
_initterm
__getmainargs
_write
__p__fmode
sqrt
exit
_acmdln
__setusermatherr
_flsbuf
_adjust_fdiv
_XcptFilter
shell32
ExtractIconExW
SHBrowseForFolderA
SHFileOperationA
SHGetDesktopFolder
ExtractIconW
DragQueryFile
ExtractAssociatedIconW
SHCreateDirectoryExA
SHBrowseForFolder
comctl32
ImageList_Remove
ImageList_GetBkColor
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Replace
ole32
CoCreateGuid
StgCreateDocfileOnILockBytes
OleSetClipboard
CLSIDFromProgID
CoRegisterClassObject
IsEqualGUID
ProgIDFromCLSID
CoLoadLibrary
CreateBindCtx
advapi32
GetUserNameA
CryptDestroyHash
SetSecurityDescriptorGroup
IsValidSid
RegOpenKeyA
RegEnumValueW
RegCreateKeyA
OpenSCManagerW
QueryServiceStatus
oleaut32
VariantClear
SafeArrayPtrOfIndex
VariantCopyInd
SafeArrayCreate
SysStringByteLen
SafeArrayGetElement
Sections
.text Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ