Static task: static1
Behavioral task: behavioral1
Sample: a3ebadee141c94b54aab79818101c526_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a3ebadee141c94b54aab79818101c526_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a3ebadee141c94b54aab79818101c526_JaffaCakes118
Size: 138KB
MD5: a3ebadee141c94b54aab79818101c526
SHA1: 63cb7ef834984f0f7af6a4fab183d7b2874a412f
SHA256: 372c68cfd2a87ecab1a374480a6acf47e181f6beced83f15badf317a8e1f69d3
SHA512: 1449e5ffe9050498aa8097b17e774a37499693e68376042a9593b66d72712752ed9d0fb26d93300cfa1e2744467f411f01cdce1f10ca32a65aafa7ec72285631
SSDEEP: 3072:eYgxcc9ZTEafKRCmP30L6ckptqSd/EBKH4HuMnm61C2qWoxtRaSpC3/:aHSDcecUpVH4nnmGvqWCtR4v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a3ebadee141c94b54aab79818101c526_JaffaCakes118
Files
a3ebadee141c94b54aab79818101c526_JaffaCakes118.exe windows:5 windows x86 arch:x86
73f0678475295778997ae35c5c26b53d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
DeleteFileW
GetLastError
GetModuleHandleA
GetStartupInfoA
InterlockedCompareExchange
DuplicateHandle
VirtualProtect
GetFullPathNameA
GlobalUnlock
GetCPInfo
msvcrt
_adjust_fdiv
__p__commode
wctomb
__getmainargs
_filbuf
_XcptFilter
_controlfp
_ultoa
__p__fmode
exit
_fileno
__setusermatherr
_except_handler3
_acmdln
log10
_wcsnicmp
ftell
__set_app_type
_initterm
rename
_strlwr
oleaut32
SafeArrayRedim
LoadTypeLib
SysAllocStringLen
SafeArrayGetElement
SafeArrayUnaccessData
VariantInit
SafeArrayPtrOfIndex
SysStringLen
GetErrorInfo
gdi32
GetTextFaceW
CreateDIBitmap
GetMetaFileBitsEx
StrokePath
CopyMetaFileA
GetTextExtentPoint32A
ExtTextOutA
SetMapperFlags
Pie
CloseMetaFile
StartPage
user32
GetDesktopWindow
SetRect
EnumWindows
GetSystemMetrics
EndPaint
AdjustWindowRectEx
BeginPaint
GetMessagePos
GetScrollInfo
GetSystemMenu
advapi32
GetTokenInformation
CryptHashData
CloseServiceHandle
CryptAcquireContextA
CryptDestroyHash
RegFlushKey
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
ole32
CoReleaseMarshalData
CoRegisterMessageFilter
CoInitializeSecurity
OleDraw
OleInitialize
StgCreateDocfileOnILockBytes
CoGetInterfaceAndReleaseStream
OleFlushClipboard
comctl32
ImageList_AddMasked
DestroyPropertySheetPage
ImageList_DragEnter
ImageList_Read
ImageList_Draw
PropertySheetA
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_Write
ImageList_Replace
shell32
SHGetSpecialFolderLocation
SHChangeNotify
DoEnvironmentSubstW
ExtractIconExA
ShellExecuteExW
SHCreateDirectoryExA
SHGetPathFromIDListW
version
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerLanguageNameA
GetFileVersionInfoSizeA
Sections
.text Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 16KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 101KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE