ab21b17c923c907d119496ac1d300adb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab21b17c923c907d119496ac1d300adb_JaffaCakes118
Size

182KB
MD5

ab21b17c923c907d119496ac1d300adb
SHA1

d236f4151e9c36dd587fc067d614f3407092dc49
SHA256

afa6d795fd2a140f3ad03eebae482c798bd072efa3789ab126b00553b1a63c2b
SHA512

2937d79bfd1dadf071ee86e167b35d4e206bb4a5982f1146d3bbb479eaa32b27e9be404825cd6d11bd780327fcb5e26f446a7e75943e547e2bb15238b981df1f
SSDEEP

3072:mUhoj8I2cE/yB4wt1Kmq3h1QyYhR6UJ4XW8HZxTdDEzoKfdWqnZFhqN4Otgm34:mUqgI2cE/yf3gwyYhR6UJ4m8HRPEdWqY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab21b17c923c907d119496ac1d300adb_JaffaCakes118

Files

ab21b17c923c907d119496ac1d300adb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

63e70a75b3b40c5f724a11d1f4c10a7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

kernel32

InterlockedDecrement
GetSystemDefaultLangID
ConvertDefaultLocale
CreateFileW
GetCalendarInfoW
ReadFile
FindFirstFileW
RemoveDirectoryW
WideCharToMultiByte
SetFileTime
DeleteFileW
lstrcpyW
LocalFileTimeToFileTime
GetModuleFileNameW
WriteFile
SystemTimeToFileTime
GetCurrentProcessId
EnumResourceNamesA
FindNextFileW
MoveFileW
ExitProcess
EnumResourceLanguagesW
CreateDirectoryW
FindClose
GetCurrentDirectoryW
GetLocaleInfoW
SetFilePointer
GetVersion
LoadLibraryW
MultiByteToWideChar
GetFileAttributesW
GetProcAddress

gdi32

DeleteDC
RectVisible
GetTextColor
ScaleViewportExtEx
PtVisible
SetWindowExtEx
TextOutW
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetMapMode
ExtTextOutW
GetStockObject
GetBkColor
ScaleWindowExtEx
OffsetViewportOrgEx
Escape
ExtSelectClipRgn
GetRgnBox

user32

GetNextDlgGroupItem
RemovePropW
CharNextW
GetPropW
WinHelpW
CreateWindowExW
GetClassInfoExW
IsRectEmpty
InvalidateRect
MessageBeep
SetPropW
SetRect
GetNextDlgTabItem
CopyAcceleratorTableW
GetClassLongW
CharUpperW
SendDlgItemMessageA
RegisterWindowMessageW
InvalidateRgn
DestroyMenu

oleacc

LresultFromObject
CreateStdAccessibleObject

ole32

CoTaskMemFree
OleFlushClipboard
OleInitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRetireServer
CoCreateInstance
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoRegisterMessageFilter
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
CoUninitialize
OleIsCurrentClipboard
CLSIDFromString

shlwapi

PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathAppendW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63e70a75b3b40c5f724a11d1f4c10a7e

Headers

File Characteristics

Imports

shell32

kernel32

gdi32

user32

oleacc

ole32

shlwapi

advapi32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 76KB - Virtual size: 75KB

.edata Size: 1024B - Virtual size: 372KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 76KB - Virtual size: 75KB

.edata
Size: 1024B - Virtual size: 372KB