Static task: static1
Behavioral task: behavioral1
Sample: af54acc890433e1bdcf6c12e5b8d5125_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: af54acc890433e1bdcf6c12e5b8d5125_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: af54acc890433e1bdcf6c12e5b8d5125_JaffaCakes118
Size: 79KB
MD5: af54acc890433e1bdcf6c12e5b8d5125
SHA1: e99ead5a3360294a6849e0b9ab7818ced3acedf3
SHA256: baa2749ad515d04b83b86d50c13aa67ce619d1d9b04d4b5bfa78700cf63352fe
SHA512: 8cd5024a8f43c9749f7c56aab6e3fe129cf47ca416830dd3d260603c7dafd2fb842f9e7636b62c0c2a1624abf981fec8462edfce474864945f5e1c20960d40ad
SSDEEP: 1536:nr7wfSZW+kcSRYjE2nff+cnl8YnixbSyIui5SRDPeWHOs3K+D25VjC:fwaZW+pSRYVfVnlRixKfwjAs6+qC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource af54acc890433e1bdcf6c12e5b8d5125_JaffaCakes118
Files
af54acc890433e1bdcf6c12e5b8d5125_JaffaCakes118.exe windows:5 windows x86 arch:x86
de9d7bbc3b6f066b8061919dca67ecdd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadResource
EnumResourceLanguagesA
GetDiskFreeSpaceA
lstrcmpiA
SetFileAttributesA
lstrcatA
FindClose
GetDriveTypeA
SetFileTime
GetSystemDirectoryA
LockResource
FindFirstFileA
FreeResource
lstrcmpA
GetVersionExA
LocalAlloc
WritePrivateProfileStringA
LoadLibraryExA
GetLastError
GetModuleHandleA
CreateMutexA
lstrcpyA
SetFilePointer
ResetEvent
WriteFile
ExpandEnvironmentStringsA
_lopen
ReadFile
SetCurrentDirectoryA
GetCommandLineA
GetVolumeInformationA
RemoveDirectoryA
GlobalLock
GlobalAlloc
GetPrivateProfileStringA
LocalFree
GetTempFileNameA
FindResourceA
ConnectNamedPipe
CreateEventA
_llseek
FindNextFileA
GetExitCodeProcess
DosDateTimeToFileTime
_lclose
CreateFileA
MapViewOfFile
OpenFileMappingA
GetFileAttributesA
LocalFileTimeToFileTime
GetProcAddress
GlobalUnlock
GetCurrentDirectoryA
GlobalFree
lstrcpynA
GetWindowsDirectoryA
GetTempPathA
GetSystemInfo
GlobalSize
ExitProcess
IsDBCSLeadByte
FormatMessageA
GetShortPathNameA
GetCurrentProcess
TerminateThread
DeleteFileA
GetModuleFileNameA
SetEvent
lstrlenA
CreateProcessA
GetPrivateProfileIntA
SizeofResource
FreeLibrary
shlwapi
PathFindFileNameW
PathFindExtensionW
crypt32
CertEnumCertificatesInStore
CryptQueryObject
CertCloseStore
CertFreeCertificateContext
CertNameToStrW
gdi32
CombineRgn
StretchBlt
GetTextExtentPoint32A
CreateSolidBrush
CreateCompatibleBitmap
DeleteObject
CreateRectRgn
SelectObject
CreatePen
CreateCompatibleDC
CreateFontA
advapi32
OpenProcessToken
LookupPrivilegeValueW
GetTokenInformation
SetSecurityInfo
RegOpenKeyExA
AdjustTokenPrivileges
CreateProcessAsUserW
LookupAccountSidW
SetEntriesInAclW
ole32
OleDuplicateData
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
comctl32
_TrackMouseEvent
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 47KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ