Static task: static1
Behavioral task: behavioral1
Sample: a508498b4a7c81416c8a40e7254e0624_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a508498b4a7c81416c8a40e7254e0624_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a508498b4a7c81416c8a40e7254e0624_JaffaCakes118
Size: 248KB
MD5: a508498b4a7c81416c8a40e7254e0624
SHA1: 17afc2c816408d3538b8c5b412a089d110ea14bf
SHA256: d5344884a74a8b371f51c15ec2cd0e45654ffee4983f8cbe0297fa7539412ebd
SHA512: ead7c33ea717ecf31e597236b8570ef2eefd283d25b3eb6ce207186c2a0e9e2a1cadb061cfae154878dee17b675ccb55eb11102dd61ba4cd517d9dabb5583877
SSDEEP: 6144:617q2HZO/7acAoPjXtKuJiB5FbQx+O1ZvUIqgzk2:61TZOLFtBJijZQxX19rR
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a508498b4a7c81416c8a40e7254e0624_JaffaCakes118
Files
a508498b4a7c81416c8a40e7254e0624_JaffaCakes118.exe windows:4 windows x86 arch:x86
e7e546da3b7751e652fe043b2c3d2da0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryExW
IsBadReadPtr
ConnectNamedPipe
GetPrivateProfileSectionW
CreateDirectoryExA
GlobalAddAtomA
MoveFileExA
FindFirstFileExW
WriteProcessMemory
SetConsoleOutputCP
LocalReAlloc
TryEnterCriticalSection
LocalLock
GetVersionExA
ReadConsoleA
SetEvent
_lread
ExitProcess
WriteConsoleOutputW
EnumSystemCodePagesA
GetProcessTimes
GetHandleInformation
IsValidLocale
DosDateTimeToFileTime
SetConsoleTitleA
GetProfileStringA
FillConsoleOutputCharacterA
CreateIoCompletionPort
GetPrivateProfileStringW
_llseek
VirtualProtect
GetCommandLineA
lstrlenA
VirtualAlloc
GetFileAttributesExA
user32
GetMenuItemID
ScrollWindow
ShowCaret
RegisterClipboardFormatA
TrackPopupMenuEx
GetProcessWindowStation
UnionRect
EnumDisplayDevicesA
GetSysColor
GetKeyboardLayoutList
IsMenu
gdi32
SelectPalette
EndDoc
ModifyWorldTransform
GetWindowOrgEx
GetTextFaceW
CreateMetaFileA
CreateDIBPatternBrush
CreateDCA
ExtTextOutA
SetViewportExtEx
SetTextColor
RemoveFontResourceA
GetGlyphOutlineW
Rectangle
Polygon
GetTextMetricsW
InvertRgn
CreateCompatibleDC
SetViewportOrgEx
EqualRgn
CreateMetaFileW
comdlg32
PageSetupDlgW
GetSaveFileNameW
ReplaceTextW
ReplaceTextA
advapi32
RegisterEventSourceW
ImpersonateSelf
IsValidAcl
ObjectCloseAuditAlarmW
RegFlushKey
RegQueryValueExW
GetCurrentHwProfileW
RegDeleteValueA
IsValidSecurityDescriptor
GetSecurityInfo
SetPrivateObjectSecurity
DestroyPrivateObjectSecurity
RegSetValueA
EqualSid
DeleteService
shell32
SHGetSpecialFolderLocation
ExtractIconExW
FindExecutableA
SHGetSettings
oleaut32
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayGetElement
LoadTypeLi
VariantCopy
LoadTypeLibEx
SetErrorInfo
SafeArrayGetLBound
comctl32
ImageList_AddMasked
ImageList_DrawEx
ImageList_SetOverlayImage
ImageList_DragEnter
shlwapi
SHStrDupW
PathIsURLW
PathFindOnPathW
SHRegWriteUSValueW
PathRemoveArgsW
StrFormatByteSizeA
PathUndecorateW
SHDeleteKeyA
PathIsUNCServerW
StrChrIA
SHRegOpenUSKeyW
PathIsDirectoryW
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 228KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE