7299d340223a6155cd4d6031ef940eec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7299d340223a6155cd4d6031ef940eec_JaffaCakes118
Size

126KB
MD5

7299d340223a6155cd4d6031ef940eec
SHA1

50603c4188fe75b2b37f8b3bde238be013aafcb4
SHA256

9e53b19e9690717d9a8fa3c56451e8d514e8bce8be09e4bf3c0b43bc3096d6fe
SHA512

df65d4dd577945ee68be366329776fbd4dea20fa477489e7425a54c83c2236628a13c11a4012cecc5e807dd074db845a98a97705ada5f9571004d1ad890fcaad
SSDEEP

3072:tmf+jrG/ShZcdFLm8UdjtlELlhc1eSQbdHniQUIWGH:k+8fe8MtYhc1hQbdHiQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7299d340223a6155cd4d6031ef940eec_JaffaCakes118

Files

7299d340223a6155cd4d6031ef940eec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8566a2c7c7cf82112966c4b0fe8f7162

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

IsBadWritePtr
FileTimeToSystemTime
GetConsoleMode
LocalFileTimeToFileTime
GetStartupInfoW
FileTimeToDosDateTime
GetDateFormatA
LCMapStringW
DisableThreadLibraryCalls
CopyFileA
DuplicateHandle
GetStartupInfoA
GetFileTime
VirtualProtect
GetModuleHandleA

msvcrt

_initterm
_acmdln
__p__commode
_utime
log10
fflush
__p__fmode
_write
_XcptFilter
__getmainargs
_adjust_fdiv
_controlfp
__set_app_type
__setusermatherr
_flsbuf
_except_handler3
exit
strncpy

gdi32

TextOutW
SetRectRgn
CreateICW
SetGraphicsMode
RestoreDC
CreateDCW
ExcludeClipRect
Escape
GetViewportOrgEx
ScaleWindowExtEx
GetTextExtentPoint32W
SetMapperFlags

user32

EndPaint
DestroyIcon
DrawEdge
GetLastActivePopup
DispatchMessageA
SetPropA
WindowFromPoint
GetIconInfo
CreateMenu

version

GetFileVersionInfoW
GetFileVersionInfoA
VerInstallFileW
GetFileVersionInfoSizeA
VerInstallFileA
VerQueryValueA

comctl32

ImageList_Replace
ImageList_Read
ImageList_DragEnter
DestroyPropertySheetPage
ImageList_AddMasked
ImageList_SetDragCursorImage
CreatePropertySheetPageW
ImageList_Create
CreateStatusWindowA
ImageList_DragShowNolock
ImageList_GetIconSize

oleaut32

SetErrorInfo
LoadTypeLib
GetErrorInfo
GetActiveObject
SafeArrayUnaccessData
VariantInit
SafeArrayPutElement
SysAllocStringByteLen
VariantClear
SysStringLen
SafeArrayGetUBound

ole32

IsAccelerator
CoSetProxyBlanket
PropVariantClear
OleFlushClipboard
OleDraw
ProgIDFromCLSID
OleUninitialize

advapi32

RegEnumKeyExA
RegCreateKeyExW
GetTokenInformation
CryptHashData
AllocateAndInitializeSid
RegEnumValueA
CryptGenRandom

shell32

ExtractIconExA
SHGetFileInfoA
ExtractIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathA
SHGetPathFromIDListW
DragFinish

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8566a2c7c7cf82112966c4b0fe8f7162

Headers

File Characteristics

Imports

kernel32

msvcrt

gdi32

user32

version

comctl32

oleaut32

ole32

advapi32

shell32

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 18KB - Virtual size: 42KB

.rsrc Size: 90KB - Virtual size: 90KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 18KB - Virtual size: 42KB

.rsrc
Size: 90KB - Virtual size: 90KB