86248a20eceb76ca729a1ec84ad66688_JaffaCakes118

General

Target

86248a20eceb76ca729a1ec84ad66688_JaffaCakes118
Size

149KB
MD5

86248a20eceb76ca729a1ec84ad66688
SHA1

cebbeb3e4bc612834f9cd20c08d0cba70aef9957
SHA256

9583002e25088572408e2a9eb81b78f8a8e57c7ae6d6682e50cbe6b52d32911d
SHA512

4cd10b6242f7732e1ebcaa7938d8eb62e1342a663a319f0789b02114a8685249960ccc02bed4a044add9c243a0ed31d6d5d38d6830c846fb596b8703cf023f5e
SSDEEP

3072:vQbv1cy6Vpp9fRD+WAeduglm4NRzRm2nu4fft3Dg:4wHNllBntDg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86248a20eceb76ca729a1ec84ad66688_JaffaCakes118

Files

86248a20eceb76ca729a1ec84ad66688_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c633e04d4dc690ba82b46eb6f8ecf1f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

LCMapStringW
GetSystemTime
lstrcmpA
VirtualAlloc
FileTimeToLocalFileTime
GetStartupInfoA
GetLocaleInfoW
VirtualFree
Sleep
GetModuleHandleA
VirtualProtect

user32

GetFocus
DrawMenuBar
RegisterClipboardFormatA
ReleaseDC
GetSysColor
GetWindowThreadProcessId
CharLowerA
GetClientRect
BeginPaint

msvcrt

log10
_fdopen
_unlock
__p__fmode
iswctype
_XcptFilter
__p__commode
_acmdln
_chmod
_initterm
__getmainargs
putchar
__set_app_type
_except_handler3
_adjust_fdiv
_open
exit
__setusermatherr

shell32

SHGetFolderPathA
SHChangeNotify
DragQueryFile
SHBrowseForFolder
SHBrowseForFolderA
SHGetFileInfo
Shell_NotifyIconW
SHBrowseForFolderW
ShellExecuteEx

comctl32

ImageList_Write
ImageList_GetImageInfo
ImageList_Remove
ImageList_LoadImageA
CreateToolbarEx
CreatePropertySheetPageW

advapi32

RegEnumKeyW
CryptReleaseContext
RegDeleteValueW
CryptAcquireContextA
RegEnumValueA
CloseServiceHandle
InitiateSystemShutdownA
RegCreateKeyExW

oleaut32

VariantClear
SafeArrayUnaccessData
VariantInit
SysAllocStringLen
SafeArrayGetUBound
SysFreeString
VariantCopyInd
SysAllocStringByteLen

ole32

GetRunningObjectTable
CreateItemMoniker
DoDragDrop
CreateILockBytesOnHGlobal
StringFromGUID2
StgCreateDocfileOnILockBytes

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c633e04d4dc690ba82b46eb6f8ecf1f

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shell32

comctl32

advapi32

oleaut32

ole32

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 6KB - Virtual size: 6KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 6KB - Virtual size: 6KB