Static task
static1
Behavioral task
behavioral1
Sample
77292996440103f660f247f1ae577607_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
77292996440103f660f247f1ae577607_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
77292996440103f660f247f1ae577607_JaffaCakes118
Size
147KB
MD5
77292996440103f660f247f1ae577607
SHA1
cab13e252806035ec1232ba49df2694e0b84f2ec
SHA256
eb02d9974806c1c9b82349a9da2069c0632dffefc7309ec3f630fe5288cbcd0d
SHA512
9a183cec1934315cde22cd05b990310c4779d9b7500faead5419b284f93394c0e7bcd1f8f6c99cc19705548a0f2ea1fca6aab61b2ecb8a8f15c8e44237100f50
SSDEEP
3072:Qi4RVCJFBzB7pW+EzuZrwCRGEK7sjeHzLwgqHeGVWq10Vh5lo/V:Q5WZRJjeHXwxVW1h5liV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 77292996440103f660f247f1ae577607_JaffaCakes118
Files
77292996440103f660f247f1ae577607_JaffaCakes118.exe windows:4 windows x86 arch:x86
56381d31cc9e68c849c654415fa2eaeb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
VirtualProtect
GetVersion
WaitForSingleObject
GetModuleHandleA
FormatMessageA
GetStartupInfoA
GetFullPathNameA
SetEnvironmentVariableA
WaitForMultipleObjects
SystemTimeToFileTime
SetFilePointer
GetDriveTypeA
GetStringTypeExA
CreateFileMappingA
GetPrivateProfileStringA
LocalFree
user32
GetMessagePos
CreateWindowExA
IsChild
DrawFrameControl
CloseClipboard
KillTimer
IsWindowEnabled
SendDlgItemMessageA
GetSysColor
TrackPopupMenu
AdjustWindowRectEx
CharLowerA
OpenClipboard
GetClassInfoA
EmptyClipboard
DrawIcon
CallNextHookEx
DrawIconEx
msvcrt
log10
__p__fmode
toupper
__p__commode
__getmainargs
_lock
exit
strlen
_pctype
__mb_cur_max
__setusermatherr
_acmdln
_dup
_initterm
_read
_except_handler3
strpbrk
__set_app_type
_adjust_fdiv
_XcptFilter
_lseeki64
ole32
CoInitialize
CoLoadLibrary
CoReleaseMarshalData
CoDisconnectObject
CoTaskMemAlloc
PropVariantClear
StringFromCLSID
StgOpenStorageOnILockBytes
comctl32
ImageList_SetOverlayImage
ImageList_GetImageCount
ImageList_Remove
ImageList_SetDragCursorImage
InitializeFlatSB
ImageList_Write
ImageList_DragEnter
ImageList_GetIconSize
ImageList_DragShowNolock
oleaut32
SysAllocStringLen
SafeArrayGetUBound
GetActiveObject
SafeArrayRedim
SysStringLen
SafeArrayPutElement
LoadTypeLib
SysAllocStringByteLen
advapi32
RegQueryValueExA
RegEnumKeyW
InitiateSystemShutdownA
RegOpenKeyW
RegQueryValueExW
LookupPrivilegeValueA
RegOpenKeyExW
RegDeleteKeyW
GetUserNameA
CryptReleaseContext
AddAccessAllowedAce
shell32
DragQueryFileW
DragQueryFileA
SHGetDesktopFolder
SHGetPathFromIDList
SHGetSpecialFolderPathW
SHGetPathFromIDListA
SHGetFolderLocation
DragQueryFile
ShellExecuteEx
SHAddToRecentDocs
SHAppBarMessage
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 135KB - Virtual size: 135KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE