81c004186061f20f82bbe7a48dc94eaa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

81c004186061f20f82bbe7a48dc94eaa_JaffaCakes118
Size

895KB
MD5

81c004186061f20f82bbe7a48dc94eaa
SHA1

a1349378efac35847b8058d94611286b6004944c
SHA256

1187e571e3bb6fcdce47c43101b49655af7266499bb8363a0d14dbc0e88dd00a
SHA512

afef56decea9a8b0ef4b22dc5c0d578e438bc2f83729b5bb3a96b7285f8ba6b151ec7c5eb4022492a63168b8b92cd45b25693170f3c219551a04d37ce7cdc7b5
SSDEEP

24576:fWjaLKTE9as7gmxwG+doX9+T3MJimjGaz3d:+jay4aGRuAsDg6Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81c004186061f20f82bbe7a48dc94eaa_JaffaCakes118

Files

81c004186061f20f82bbe7a48dc94eaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e7cee4c56116a51f7f1145c86315c8fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetAtomNameA
WritePrivateProfileStringW
GetDriveTypeW
lstrcmpA
TryEnterCriticalSection
ExitThread
ExitProcess
FormatMessageA
GlobalUnlock
ReadDirectoryChangesW
RemoveDirectoryW
SetErrorMode
GetVersion
lstrcpyA
EnumResourceNamesW
GetProcessTimes
GetSystemTimeAsFileTime
MultiByteToWideChar
EnumDateFormatsW
LoadResource
QueryDosDeviceA
GetFileInformationByHandle
DebugBreak
ExpandEnvironmentStringsW

user32

GetGuiResources
GetTopWindow
GetMenu
RegisterClassA
DrawTextExW
InvalidateRgn
LoadMenuW
RemovePropW
ClientToScreen
DrawAnimatedRects
RedrawWindow
wvsprintfW
CreateWindowExA
EnumWindows
EnumThreadWindows
CharUpperBuffW
AdjustWindowRect
CreateWindowStationW
GetKeyboardLayoutList
DrawEdge
SetParent
FindWindowExA
mouse_event
GetScrollPos
EndDialog
DrawFrameControl
CharNextA
WinHelpW
CloseWindow
GetMenuStringA
ShowCaret
GetDlgItemInt
EnumDesktopsA
DefMDIChildProcW
GetParent
CreateMDIWindowW
VkKeyScanA
HiliteMenuItem
ChildWindowFromPoint
InsertMenuA
GetProcessDefaultLayout
CallWindowProcA
GetDoubleClickTime
MessageBoxIndirectW
GetMenuInfo
PostThreadMessageW
UnloadKeyboardLayout
ScrollDC

gdi32

GetGlyphOutlineW
EndPage
BitBlt
SetLayout
CreateHatchBrush
SelectClipRgn
StartDocA
SetTextJustification
SetBkColor
GetROP2

comdlg32

PageSetupDlgA
GetOpenFileNameA
ReplaceTextW

advapi32

DestroyPrivateObjectSecurity
LookupAccountNameW
FreeSid
IsValidAcl
InitializeSid
CryptDeriveKey
RegRestoreKeyA
RegQueryValueExW
GetSecurityDescriptorSacl
RegSetValueA
LookupPrivilegeValueW
OpenServiceA
RegLoadKeyA
AccessCheckAndAuditAlarmW
RegCreateKeyExA
RegOpenKeyExA
OpenSCManagerA

shell32

SHChangeNotify
SHGetSpecialFolderLocation
DragFinish
SHGetPathFromIDListA

ole32

OleBuildVersion
RevokeDragDrop
GetRunningObjectTable
OleLockRunning
CoFreeUnusedLibraries
OleInitialize
CoQueryProxyBlanket
OleQueryLinkFromData
CoResumeClassObjects

oleaut32

SysAllocStringLen
SysFreeString
SafeArrayPutElement
VariantCopy
SysStringLen
QueryPathOfRegTypeLi
SafeArrayRedim

comctl32

ImageList_GetIconSize

shlwapi

HashData
StrCmpIW
SHRegGetUSValueW
PathGetArgsW

Sections

.text
Size: 9KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 607KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7cee4c56116a51f7f1145c86315c8fa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

Sections

.text Size: 9KB - Virtual size: 225KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 607KB - Virtual size: 607KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 9KB - Virtual size: 225KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 607KB - Virtual size: 607KB

.rsrc
Size: 17KB - Virtual size: 16KB