646909b22ba3361957a09eb9d7795a21_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

646909b22ba3361957a09eb9d7795a21_JaffaCakes118
Size

81KB
MD5

646909b22ba3361957a09eb9d7795a21
SHA1

6a07a6f74403df4060f480ae713ce6e8b24b130e
SHA256

247c4be326a0ea700649f7a5bf38fc5173a8e69364d45d6bd0cbdc92d16ad75b
SHA512

d00c9e4f8b1f315d087ddb3ee5386690437ea92d8a0a1a7432d542e317a2678048cf83bb57b90c6d18b79cd2e3465828372b08e1a3230c731560024018c04ccc
SSDEEP

1536:WjHSlhn8Cdi3DSD7fAfpP+6gy01J6qAd+ZHY1lAQBx+T7/HGI0:xlh8CduSAM6g71J6qqgLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
646909b22ba3361957a09eb9d7795a21_JaffaCakes118

Files

646909b22ba3361957a09eb9d7795a21_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95f659e3822f13265ede67636401f72d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetMessageA
GetSubMenu
EnableMenuItem
FrameRect
SetWindowPos
GetSysColorBrush
UnhookWindowsHookEx
EqualRect
EnumWindows
PostQuitMessage
GetScrollPos
SetWindowTextA
GetSysColor

kernel32

InterlockedExchange
GetACP
RtlUnwind
GetStartupInfoA
GetSystemTime
GetThreadLocale
QueryPerformanceCounter
GetTimeZoneInformation
ExitProcess
VirtualAllocEx
FileTimeToSystemTime
GetTickCount
GetOEMCP
GetTempPathA
GetCurrentProcessId
GetFileAttributesA
SetUnhandledExceptionFilter

gdi32

SelectClipPath
DPtoLP
CreateICW
CopyEnhMetaFileA
GetMapMode
SetViewportExtEx
CreateCompatibleBitmap
FillRgn
ExcludeClipRect

ole32

CoCreateInstance
CoInitialize
OleRun
CoTaskMemRealloc
CoRevokeClassObject
DoDragDrop
StgOpenStorage
CoInitializeSecurity
StringFromGUID2

advapi32

AdjustTokenPrivileges
QueryServiceStatus
CheckTokenMembership
GetSecurityDescriptorDacl
GetUserNameA
CryptHashData
FreeSid
RegQueryValueExW
RegCreateKeyExW
RegCreateKeyA

msvcrt

strncpy
fflush
_mbscmp
strcspn
_strdup
strlen
__getmainargs
puts
signal
__initenv
_fdopen
_CIpow
iswspace
raise
_flsbuf
__setusermatherr
fprintf
_lock

comctl32

ImageList_GetIcon
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_GetIconSize
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetBkColor
InitCommonControls
ImageList_SetIconSize
ImageList_DragEnter
ImageList_DrawEx
ImageList_Write

shell32

SHGetPathFromIDList
DragQueryFileW
DragQueryFileA
ShellExecuteW
SHBrowseForFolderA
DoEnvironmentSubstW
ExtractIconExW
DragAcceptFiles
ShellExecuteEx
ExtractIconW
CommandLineToArgvW

oleaut32

SafeArrayCreate
SafeArrayPtrOfIndex
SafeArrayPutElement
VariantCopy
SafeArrayRedim
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayUnaccessData

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f659e3822f13265ede67636401f72d

Headers

File Characteristics

Imports

user32

kernel32

gdi32

ole32

advapi32

msvcrt

comctl32

shell32

oleaut32

Sections

.text Size: 33KB - Virtual size: 33KB

.data Size: 40KB - Virtual size: 40KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 33KB - Virtual size: 33KB

.data
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 6KB - Virtual size: 5KB