97108ba9c508f8d0fa4e772e13e9734d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

97108ba9c508f8d0fa4e772e13e9734d_JaffaCakes118
Size

4.3MB
MD5

97108ba9c508f8d0fa4e772e13e9734d
SHA1

af706e631e6e7abcada7532995602c57a759a395
SHA256

54cbf23aa6022a8b42a59984cf267ed3c7d00b898717c2bb6ea87fab25933412
SHA512

20c2f5916fe4f6623e1df03f6a358f7f35fdd71f4944964405e1ce51ff8c1bb102ed2883cd650b1237cb6d62b628144351bf6f2d84d4ce2124b1d6b57a29cb04
SSDEEP

98304:JVuldPAZcOucfYYf8hN5USUCJYXRAScGrfR1TBtoJN:J8j4cOuHYf8hnArRAS911dtoJN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97108ba9c508f8d0fa4e772e13e9734d_JaffaCakes118

Files

97108ba9c508f8d0fa4e772e13e9734d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb272a0cbdc5f23e03484e17c830906d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
GetDateFormatA
GetBinaryTypeA
ScrollConsoleScreenBufferA
FindFirstFileW
GetProfileStringA
SetSystemTime
CompareStringA
FreeLibraryAndExitThread
ReleaseSemaphore
GetCurrentProcessId
GetFileType
SetProcessAffinityMask
GetSystemDefaultLangID
TlsGetValue
ReadConsoleOutputA
SetConsoleCursorPosition
SizeofResource
GetCompressedFileSizeW
FreeResource
IsBadWritePtr
SetConsoleTitleA
lstrcmpiW
SearchPathW
EnumResourceNamesA
OutputDebugStringW
ExitThread
SetThreadAffinityMask
GetDiskFreeSpaceExA
ExitProcess
QueryDosDeviceW
GetOEMCP
GetCPInfo
GlobalAddAtomW
GetNumberFormatW
CreateProcessA
InitializeCriticalSection
lstrcpyA
GetDriveTypeW
GetLargestConsoleWindowSize
PulseEvent
LocalFileTimeToFileTime
LCMapStringA
VirtualQuery
WriteConsoleOutputCharacterA
SetThreadLocale
ClearCommBreak
GetFileInformationByHandle
GetAtomNameA
EnumCalendarInfoA

user32

SetCapture
SetClassLongA
AdjustWindowRectEx
FlashWindowEx
IsClipboardFormatAvailable
GetScrollRange

gdi32

UpdateColors
RemoveFontResourceA
DPtoLP
GetBkColor
EnumEnhMetaFile
GetGlyphOutlineW
SetColorAdjustment
Escape
SetBrushOrgEx
GetDCOrgEx
SetArcDirection
CreateFontIndirectW

comdlg32

GetOpenFileNameW
PrintDlgW
GetOpenFileNameA

advapi32

RegConnectRegistryA
CryptGetProvParam
CryptSetProvParam
ChangeServiceConfigW
OpenProcessToken
IsValidAcl
ImpersonateSelf
ObjectCloseAuditAlarmW
RegSetValueExA
QueryServiceConfigA
EnumDependentServicesA
IsValidSid
GetSidSubAuthority

shell32

DragFinish
Shell_NotifyIconA
ShellExecuteA
SHGetSettings
SHGetSpecialFolderPathA
SHGetPathFromIDListA

ole32

OleCreateLink
CoTreatAsClass
GetRunningObjectTable
OleCreateFromData
CoFileTimeNow
MkParseDisplayName
RevokeDragDrop
CoReleaseServerProcess

oleaut32

SysFreeString
SafeArrayRedim
SafeArrayGetElement
SafeArrayCreate
SafeArrayGetLBound
VariantCopy

comctl32

ImageList_SetIconSize
ImageList_Destroy

shlwapi

PathGetArgsW
PathIsUNCA
SHSetValueA
StrRChrW

Sections

.text
Size: 5KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb272a0cbdc5f23e03484e17c830906d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

Sections

.text Size: 5KB - Virtual size: 223KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 4.0MB - Virtual size: 4.0MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 5KB - Virtual size: 223KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 4.0MB - Virtual size: 4.0MB

.rsrc
Size: 19KB - Virtual size: 18KB