820ecd45681cff853706d4c48e1efed3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

820ecd45681cff853706d4c48e1efed3_JaffaCakes118
Size

1.3MB
MD5

820ecd45681cff853706d4c48e1efed3
SHA1

a298473dc8a85ce9c38d4c716de5a503c13cd777
SHA256

ec6010ce06fa0e5792a75e4875d7ac7aa8b30c09f29dd914fe5af15a6e94613d
SHA512

72ae193299c0cc1ca75e81c9b77c82d0df882add52060cc4181626f1f43ac1e0b8b2ac1c773edd0709684eb47b5c5642762b6c2b1b1cb6695e0d7ff00eb040d4
SSDEEP

6144:a/rcgWknft2QUOfw82q6rD2GWx9mX0rjSBXlKkBIcWqWom:a/rcg3ft2zOfw82w9qqjeXvIcWfo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
820ecd45681cff853706d4c48e1efed3_JaffaCakes118

Files

820ecd45681cff853706d4c48e1efed3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8fc181cde798f82af4f14a8945d9d0c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atol
swprintf
exp
strcmp
tolower
wcstol
log
mbstowcs
strlen
atol
abs
rand
swprintf
exp
malloc
calloc

shell32

SHFileOperationA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHFileOperationA
DragQueryFileA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetFolderPathA

gdi32

LineTo
GetCurrentPositionEx
GetRgnBox
CreatePenIndirect
RestoreDC
SelectPalette
CreateCompatibleDC
SetPixel
GetBitmapBits
CreateFontIndirectA
CreateBitmap
GetDIBColorTable
CopyEnhMetaFileA

comdlg32

FindTextA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyA
RegOpenKeyA

kernel32

GetModuleHandleA
LoadLibraryExA
IsBadHugeReadPtr
GetProcAddress
ExitProcess
GetCommandLineA
IsBadReadPtr
ExitThread
GetLastError
LocalAlloc
VirtualAllocEx
GetACP
LoadLibraryA

user32

CharLowerA
SetClipboardData

ole32

StringFromIID
CoUninitialize
StgOpenStorage
OleCreateStaticFromData

oleaut32

SafeArrayPtrOfIndex
SafeArrayGetUBound
VariantChangeType
VariantCopyInd
SysFreeString
SysStringLen
SysAllocStringLen
SysFreeString
SafeArrayPtrOfIndex
SysStringLen
OleLoadPicture

shlwapi

SHSetValueA
SHQueryInfoKeyA
SHQueryValueExA

comctl32

ImageList_Add
ImageList_Create
ImageList_DrawEx
ImageList_Write
ImageList_Remove
ImageList_Destroy
ImageList_GetBkColor
ImageList_Draw
ImageList_DragShowNolock
ImageList_Read
ImageList_Create
ImageList_Draw
ImageList_Write
ImageList_DragShowNolock

version

VerInstallFileA
GetFileVersionInfoSizeA

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DATA1
Size: 512B - Virtual size: 14B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DATA6
Size: 112KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DATA2
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DATA8
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8fc181cde798f82af4f14a8945d9d0c

Headers

File Characteristics

Imports

msvcrt

shell32

gdi32

comdlg32

advapi32

kernel32

user32

ole32

oleaut32

shlwapi

comctl32

version

Sections

.text Size: 53KB - Virtual size: 52KB

.data Size: 512B - Virtual size: 496B

.DATA1 Size: 512B - Virtual size: 14B

.DATA6 Size: 112KB - Virtual size: 215KB

.DATA2 Size: 14KB - Virtual size: 13KB

.DATA8 Size: 5KB - Virtual size: 4KB

.rsrc Size: 77KB - Virtual size: 80KB

.text
Size: 53KB - Virtual size: 52KB

.data
Size: 512B - Virtual size: 496B

.DATA1
Size: 512B - Virtual size: 14B

.DATA6
Size: 112KB - Virtual size: 215KB

.DATA2
Size: 14KB - Virtual size: 13KB

.DATA8
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 77KB - Virtual size: 80KB