a7191ffb79b60cb1ac1edae639522214_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7191ffb79b60cb1ac1edae639522214_JaffaCakes118
Size

144KB
MD5

a7191ffb79b60cb1ac1edae639522214
SHA1

be535ac595e7d73a37bc3599ee17e4767c5dd2a7
SHA256

5e2557d65e47cc4eb25aad3099c17ec66322d623d11186f3abd7dbaf8365831c
SHA512

75e88b37b00269deba8d411d3165f1707f68871b5751502e3ffcb9210f72e82fd739ef9edfd47e8e1ad7380c4dc92decee270c68c1f0401b7325e298b5f79399
SSDEEP

3072:WO4R8+6k0JeiWGDvIb4V+Lhte830PZzG4kLFMhWmOw7fC:u6k0XIb8ePkPFGC1Or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7191ffb79b60cb1ac1edae639522214_JaffaCakes118

Files

a7191ffb79b60cb1ac1edae639522214_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e480508b0aec61eeb3d6181cac88b735

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetVersionExA
GetModuleHandleA
VirtualProtect
GetStartupInfoA
GetFileAttributesW
SetStdHandle
lstrcatA
GetCurrentDirectoryA
GetCommandLineW
GetFileType
ExitProcess

msvcrt

fgetc
_strcmpi
_XcptFilter
_initterm
log10
exit
__p__commode
__setusermatherr
memcmp
_adjust_fdiv
strtol
_except_handler3
__p__fmode
wcstol
__getmainargs
_controlfp
_fullpath
__set_app_type
_wtoi
strerror
_acmdln
_snwprintf

shell32

SHBrowseForFolderA
ExtractIconA
SHChangeNotify
DragAcceptFiles
DragQueryFileA

comctl32

ImageList_Remove
ImageList_Write
ImageList_Replace
ImageList_GetImageInfo
ImageList_Create
ImageList_DrawEx
ImageList_BeginDrag
ImageList_SetDragCursorImage

ole32

CoSetProxyBlanket
OleFlushClipboard
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
OleDraw
CoFreeUnusedLibraries
PropVariantClear
CoTaskMemRealloc
ProgIDFromCLSID
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

oleaut32

SysReAllocStringLen
VariantInit
SysStringByteLen
SysStringLen
VariantClear
SysAllocStringByteLen
GetActiveObject
VariantCopy
SafeArrayGetUBound
SysFreeString
SafeArrayUnaccessData

advapi32

GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
DeleteService
CloseServiceHandle
DeregisterEventSource
RegSetValueExW
CryptAcquireContextA

user32

LoadCursorA
GetScrollPos
ShowOwnedPopups
GetTopWindow
GetMenu
GetDesktopWindow
TranslateMessage
GetWindowThreadProcessId
InsertMenuItemA
SetWindowPlacement
GetMenuItemID
IntersectRect
DestroyIcon
SetScrollPos

version

GetFileVersionInfoSizeA
VerLanguageNameA
VerInstallFileW
VerInstallFileA
VerQueryValueW

gdi32

ExtSelectClipRgn
SetMetaFileBitsEx
CreateICA
StrokePath
Rectangle
GetPixel
SetViewportExtEx

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e480508b0aec61eeb3d6181cac88b735

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

comctl32

ole32

oleaut32

advapi32

user32

version

gdi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 106KB - Virtual size: 176KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 106KB - Virtual size: 176KB