8ac20968849ed91f8f1b8ef8c09d5489_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8ac20968849ed91f8f1b8ef8c09d5489_JaffaCakes118
Size

117KB
MD5

8ac20968849ed91f8f1b8ef8c09d5489
SHA1

dfe446ee882491226b2b86637a1e9adf25ea7475
SHA256

7280198af6ba9945bd9651b532eb67e19a0644d573856e5c6aeb5337fce8a2fe
SHA512

3fea6e9f76735ef6690d95270feb1abbc59c4624d3a08a7937e65cb625757a950cb1aa6da5be173407805879c23a10890024cab3908933d88023fe7e39b4acff
SSDEEP

3072:ayFugagBPCe88RJQ1p4xPF+8h8LpEpQltAEZCSct:y/8R+1KLOpEp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ac20968849ed91f8f1b8ef8c09d5489_JaffaCakes118

Files

8ac20968849ed91f8f1b8ef8c09d5489_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5dd3e83936d086b2128fa73ecf766669

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
SHQueryInfoKeyA
PathGetCharTypeA
SHEnumValueA
SHStrDupA
PathFileExistsA
SHQueryValueExA
PathIsContentTypeA
PathIsDirectoryA

oleaut32

SafeArrayGetElement

advapi32

RegQueryValueExA

comdlg32

GetOpenFileNameA
FindTextA
ChooseColorA

user32

GetScrollInfo
DispatchMessageA
EnumThreadWindows
OpenClipboard
IsDialogMessageA
CharLowerBuffA
RegisterWindowMessageA
GetDCEx
EqualRect
IntersectRect
InvalidateRect
GetWindowRect
IsZoomed
PostQuitMessage
DestroyIcon
EnumWindows
SendMessageA
CreateWindowExA
TrackPopupMenu
DestroyCursor
EnableMenuItem
GetLastActivePopup
SystemParametersInfoA
GetIconInfo

kernel32

VirtualFree
GetThreadLocale
LoadLibraryA
WriteFile
VirtualAlloc
GetCommandLineA
LocalFree
ResetEvent
GetProcAddress
SetErrorMode
lstrcpyA
GetCurrentThreadId
ExitThread
GetStdHandle
GetCurrentThread
DeleteCriticalSection
GetModuleHandleA

ole32

CoUninitialize
CLSIDFromString
CoGetObjectContext
CoRegisterClassObject
GetHGlobalFromStream
StringFromIID
CoGetContextToken
CoReleaseMarshalData

gdi32

SetBkMode
SetTextColor
GetRgnBox

msvcrt

exp
exit
wcscspn
atol
wcsncmp
memcmp
sin
atan

Sections

CODE
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5dd3e83936d086b2128fa73ecf766669

Headers

File Characteristics

Imports

shlwapi

oleaut32

advapi32

comdlg32

user32

kernel32

ole32

gdi32

msvcrt

Sections

CODE Size: 33KB - Virtual size: 32KB

.data Size: 61KB - Virtual size: 60KB

.rdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 10KB - Virtual size: 9KB

CODE
Size: 33KB - Virtual size: 32KB

.data
Size: 61KB - Virtual size: 60KB

.rdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 10KB - Virtual size: 9KB