a9632e0e78bb13d7f0af74b576a28256_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9632e0e78bb13d7f0af74b576a28256_JaffaCakes118
Size

144KB
MD5

a9632e0e78bb13d7f0af74b576a28256
SHA1

0751cfe7ca3a37f505a479c6126e0a8d45da6556
SHA256

6ba76dd97bff59340e46d5141ac6dbf37384685913f61614147cde97e1065cbe
SHA512

0d87454409c295a0b898c1ae9ea214b2c854e9b24ace16df01f83a4b6d74320fbddbaa704a9d40fcefc37cd611539c538d87cbc5c661df91bcf4728b585f2412
SSDEEP

3072:UO4R8+6k0JeiWGDvIb4V+Lhte830PZzG4kLFMhWmOw7fC:A6k0XIb8ePkPFGC1Or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9632e0e78bb13d7f0af74b576a28256_JaffaCakes118

Files

a9632e0e78bb13d7f0af74b576a28256_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e480508b0aec61eeb3d6181cac88b735

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetVersionExA
GetModuleHandleA
VirtualProtect
GetStartupInfoA
GetFileAttributesW
SetStdHandle
lstrcatA
GetCurrentDirectoryA
GetCommandLineW
GetFileType
ExitProcess

msvcrt

fgetc
_strcmpi
_XcptFilter
_initterm
log10
exit
__p__commode
__setusermatherr
memcmp
_adjust_fdiv
strtol
_except_handler3
__p__fmode
wcstol
__getmainargs
_controlfp
_fullpath
__set_app_type
_wtoi
strerror
_acmdln
_snwprintf

shell32

SHBrowseForFolderA
ExtractIconA
SHChangeNotify
DragAcceptFiles
DragQueryFileA

comctl32

ImageList_Remove
ImageList_Write
ImageList_Replace
ImageList_GetImageInfo
ImageList_Create
ImageList_DrawEx
ImageList_BeginDrag
ImageList_SetDragCursorImage

ole32

CoSetProxyBlanket
OleFlushClipboard
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
OleDraw
CoFreeUnusedLibraries
PropVariantClear
CoTaskMemRealloc
ProgIDFromCLSID
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

oleaut32

SysReAllocStringLen
VariantInit
SysStringByteLen
SysStringLen
VariantClear
SysAllocStringByteLen
GetActiveObject
VariantCopy
SafeArrayGetUBound
SysFreeString
SafeArrayUnaccessData

advapi32

GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
DeleteService
CloseServiceHandle
DeregisterEventSource
RegSetValueExW
CryptAcquireContextA

user32

LoadCursorA
GetScrollPos
ShowOwnedPopups
GetTopWindow
GetMenu
GetDesktopWindow
TranslateMessage
GetWindowThreadProcessId
InsertMenuItemA
SetWindowPlacement
GetMenuItemID
IntersectRect
DestroyIcon
SetScrollPos

version

GetFileVersionInfoSizeA
VerLanguageNameA
VerInstallFileW
VerInstallFileA
VerQueryValueW

gdi32

ExtSelectClipRgn
SetMetaFileBitsEx
CreateICA
StrokePath
Rectangle
GetPixel
SetViewportExtEx

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e480508b0aec61eeb3d6181cac88b735

Headers

File Characteristics

Imports

kernel32

msvcrt

shell32

comctl32

ole32

oleaut32

advapi32

user32

version

gdi32

Sections

.text Size: 20KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 106KB - Virtual size: 176KB

.text
Size: 20KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 106KB - Virtual size: 176KB