Static task
static1
Behavioral task
behavioral1
Sample
a9331a0b7e587c48e15c7e48ecc1eada_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a9331a0b7e587c48e15c7e48ecc1eada_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a9331a0b7e587c48e15c7e48ecc1eada_JaffaCakes118
Size
80KB
MD5
a9331a0b7e587c48e15c7e48ecc1eada
SHA1
b8f2175dc376ed243a7beafb5716156231bde4c4
SHA256
16cb79dc2de8ddebcd277254184fa6207c3328ed33d73e1e216d27f3581abe8c
SHA512
770a3949fd3b88450510e24e79c66ce19a7ca2bffe003b9e6f3a431b355f4916f061739aac537bb27b9bbf798095a51a6c367dd65755e7b50c2ac6f513b19668
SSDEEP
1536:kXZomvSE1ym/xBHzQYgA4LF6DD3nddOC0CNeHCv4QY8gc:0mNSv/rlmF6DjOvse4D
Malware Config
Signatures
Unsigned PE 1 IoCs
Static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature.
resource a9331a0b7e587c48e15c7e48ecc1eada_JaffaCakes118
Files
a9331a0b7e587c48e15c7e48ecc1eada_JaffaCakes118.exe windows:5 windows x86 arch:x86
a64a2fd03f05a6ca0da749d20568aeea
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
GetSysColor
GetMessageA
GetScrollPos
GetSysColorBrush
GetSubMenu
EnumWindows
SetWindowPos
EnableMenuItem
FrameRect
PostQuitMessage
SetWindowTextA
UnhookWindowsHookEx
EqualRect
kernel32
GetTimeZoneInformation
SetUnhandledExceptionFilter
GetSystemTime
GetStartupInfoA
RtlUnwind
GetFileAttributesA
GetACP
GetTempPathA
FileTimeToSystemTime
InterlockedExchange
GetCurrentProcessId
VirtualAllocEx
GetThreadLocale
ExitProcess
gdi32
CreateCompatibleBitmap
CopyEnhMetaFileA
SelectClipPath
CreateICW
SetViewportExtEx
ExcludeClipRect
GetMapMode
FillRgn
DPtoLP
ole32
CoTaskMemRealloc
CoInitializeSecurity
StgOpenStorage
CoRevokeClassObject
CoInitialize
DoDragDrop
OleRun
StringFromGUID2
CoCreateInstance
advapi32
RegCreateKeyA
AdjustTokenPrivileges
FreeSid
GetUserNameA
CheckTokenMembership
GetSecurityDescriptorDacl
RegQueryValueExW
CryptHashData
RegCreateKeyExW
QueryServiceStatus
msvcrt
_flsbuf
_mbscmp
iswspace
raise
puts
_fdopen
__setusermatherr
fprintf
strncpy
signal
_CIpow
__getmainargs
_strdup
strlen
_lock
fflush
strcspn
__initenv
comctl32
ImageList_GetIcon
ImageList_GetBkColor
InitCommonControls
ImageList_Destroy
CreatePropertySheetPageA
ImageList_SetIconSize
ImageList_DragEnter
ImageList_Write
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_DrawEx
shell32
DoEnvironmentSubstW
SHGetPathFromIDList
ExtractIconExW
DragQueryFileA
DragAcceptFiles
ShellExecuteEx
DragQueryFileW
SHBrowseForFolderA
CommandLineToArgvW
ShellExecuteW
ExtractIconW
oleaut32
SafeArrayRedim
SafeArrayUnaccessData
SafeArrayPutElement
VariantCopy
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysReAllocStringLen
SafeArrayCreate
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
xiprphq Size: - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yaaebyc Size: - Virtual size: 72KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE