7041bd4f715ab54a57f9332d657a0043_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7041bd4f715ab54a57f9332d657a0043_JaffaCakes118
Size

92KB
MD5

7041bd4f715ab54a57f9332d657a0043
SHA1

9e1c10d6b0aa794764d81924ca9cd2d538f56f7a
SHA256

b82f38ded066b0d1ab2b254acc56e9c3252fabbc1926d44d3e5e7fc779e5ff92
SHA512

1472cde094b0d32a936b5a0468958c50603cdbb0f98246abddf862f47f53abec65350faea1a2ffc766e5adf3daeed3c20a7d9651f5f944b50868394f7ef87495
SSDEEP

1536:IIlW0MrvBpdKIA0hsqY0gR8DtdfXD2shnds8YaY9AnTTZXe307p9xjgQ0:IIlxGBpd3hsqY0gRAdm8YaZFXukpfgQ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7041bd4f715ab54a57f9332d657a0043_JaffaCakes118

Files

7041bd4f715ab54a57f9332d657a0043_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ace880dd161e7b6a7904686681711824

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rename
fopen
fseek
remove

ole32

CoLoadLibrary
CoFreeLibrary
CoRevertToSelf
CoUninitialize
CoGetMalloc
CoCreateInstance
CoFreeUnusedLibraries
CoGetClassObject
CoInitializeEx
CoGetContextToken

gdiplus

GdipDeleteBrush
GdipCloneBrush
GdipMeasureString
GdipAddPathClosedCurveI
GdipAddPathCurveI
GdipSaveGraphics
GdipDrawString
GdipRestoreGraphics
GdipFlattenPath
GdipAddPathPieI
GdipMultiplyMatrix
GdipTranslateMatrix

kernel32

GetProcAddress
FreeLibrary
InterlockedExchange
GetLastError
LoadLibraryA
SetErrorMode
LocalAlloc
SetTimeZoneInformation
HeapCreate
WideCharToMultiByte
HeapFree
SystemTimeToFileTime
CreateProcessW
RaiseException
CreateFiber
FreeResource
SetFilePointerEx
SetFileTime
MoveFileW
GlobalFree
GetLocalTime
LockResource
GlobalHandle
SetSystemTime
GetVersion
GetCommandLineW
GetEnvironmentVariableW
HeapAlloc
LoadLibraryW
PostQueuedCompletionStatus
VirtualProtect
CloseHandle
GetThreadContext

user32

GetSubMenu
wsprintfW
GetMessageA
InvertRect
GetWindowRect
GetWindowDC
GetRawInputData
DialogBoxIndirectParamW
GetDC
DrawFocusRect
TranslateMessage
GetKBCodePage
DispatchMessageW
SetScrollInfo
DestroyMenu
GetClassWord
GetActiveWindow
FrameRect
SetWindowLongW
ReleaseDC
GetWindowLongW
SetRect

advapi32

QueryServiceStatus
RegQueryInfoKeyA
ChangeServiceConfigW
RegQueryValueA
RegisterServiceCtrlHandlerW
RegEnumKeyA
QueryServiceConfigW
RegCreateKeyA

Exports

Exports

_FreeStack@8
_MovePtrUp@12
_ReloadData@4
_UpdateFile@8

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 550B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ace880dd161e7b6a7904686681711824

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

gdiplus

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 200B

.rsrc Size: 78KB - Virtual size: 78KB

.reloc Size: 1024B - Virtual size: 550B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 200B

.rsrc
Size: 78KB - Virtual size: 78KB

.reloc
Size: 1024B - Virtual size: 550B