6fbfb253f064eb906bfdd61717595c7a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fbfb253f064eb906bfdd61717595c7a_JaffaCakes118
Size

396KB
MD5

6fbfb253f064eb906bfdd61717595c7a
SHA1

a1b00b46bf753715f7fa2447f4c04c9851718202
SHA256

8b35e19a28ce01537239690655e6fc7f82577d95e1d7b2f03d94c6bbb8b949b1
SHA512

de0737954242bdb8c8bdf1860358fe47de24d0a6deb652ff574039a4605f2c405aa4250384bf1fd8c92c8c6f203d82f21ecda4af469c57fb1b52076a3a4fc625
SSDEEP

12288:8NvTNiuX2NV00XX4w7UqUr3YtRv+uG7jujPyl:YN924KX4wfUrYtRWjjujKl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fbfb253f064eb906bfdd61717595c7a_JaffaCakes118

Files

6fbfb253f064eb906bfdd61717595c7a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_cexit
_wcmdln
exit
_adjust_fdiv
__p__fmode
_controlfp
_c_exit
_XcptFilter
_vsnwprintf
malloc
wcsncpy

ole32

CoRevokeClassObject
CoInitialize
CoRegisterClassObject
CoCreateInstance
StringFromCLSID

advapi32

RegSetValueExW
RegDeleteValueW
CloseServiceHandle

shlwapi

ord174
StrCpyNW
PathRemoveFileSpecW
wnsprintfW
PathRemoveExtensionW

gdi32

GetStockObject
SetBrushOrgEx
CreatePenIndirect
CreateDIBSection
CreateCompatibleDC
GetTextExtentPoint32W
SelectObject
CreateFontIndirectW
SetBkMode
CreateSolidBrush
MoveToEx
Ellipse

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHOpenFolderAndSelectItems
SHGetMalloc
SHParseDisplayName
SHGetDesktopFolder

kernel32

SetFileTime
lstrcmpiW
FindNextFileW
WaitForSingleObject
SetEvent
UnmapViewOfFile
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
LoadResource
UnhandledExceptionFilter
VirtualAllocEx
WriteFile
GetFullPathNameW
LocalAlloc
LocalFileTimeToFileTime
MapViewOfFile
FreeLibraryAndExitThread
CreateThread
CreateFileW
CreateProcessW
SystemTimeToFileTime
LeaveCriticalSection
CreateEventA
GetTempFileNameW
CreateEventW
GetCurrentProcess
GlobalLock
lstrlenA
MoveFileW
OpenFileMappingW
FormatMessageW
LoadLibraryExW
CopyFileW
GetWindowsDirectoryW
InterlockedDecrement
Sleep
GetShortPathNameW

user32

GetWindowRect
SetCapture
GetParent
GetCapture
GetForegroundWindow
DialogBoxParamW
CopyRect
GetIconInfo
IsWindowVisible
GetPropW
GetDC
CopyIcon
EnableWindow
MessageBoxW
DrawIconEx
DrawTextW
ReleaseDC
IsWindowEnabled
UpdateWindow
DrawTextExW
LoadImageW
DestroyAcceleratorTable
SetWindowTextW
TranslateMessage
MoveWindow
wsprintfW
SetFocus
DrawFocusRect
SendDlgItemMessageW
MapWindowPoints
ShowWindow
RegisterWindowMessageW
IsRectEmpty
KillTimer
GetMessageW
RegisterClassExW
MessageBoxIndirectW

gdiplus

GdipCreateHBITMAPFromBitmap
GdipGetImageRawFormat
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipFree
GdipGetImageDecoders
GdipSaveAddImage
GdiplusShutdown
GdipCloneImage
GdipGetImageWidth

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

030bdb3f192718e40b31f847227d6f5d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

advapi32

shlwapi

gdi32

shell32

kernel32

user32

gdiplus

Sections

.text Size: 241KB - Virtual size: 241KB

.data Size: 145KB - Virtual size: 145KB

.rsrc Size: 9KB - Virtual size: 368KB

.text
Size: 241KB - Virtual size: 241KB

.data
Size: 145KB - Virtual size: 145KB

.rsrc
Size: 9KB - Virtual size: 368KB