afe5a55ef96823763005045ab3d45648_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

afe5a55ef96823763005045ab3d45648_JaffaCakes118
Size

444KB
MD5

afe5a55ef96823763005045ab3d45648
SHA1

4240c4be23ba3de9d0a89cfa3f65ebe19dc9a5d5
SHA256

2d2c6bb5c112a0e0724aae35dfbc825003f6c7fd8e95fd3ef62533ac2daf4683
SHA512

c5dd8ff8fdce4488041296814fe392ca20db10391b00cfca24907834638a1bd31816ffc05c02258d647b0c0e54b3eaafa962b020a044a6c4b0b973d98f75adbc
SSDEEP

12288:oLc4dZbD8Ya7wNnCoqSQs6HQVq5UMBHv:gc+ZX8Ps1SZs6HQCU4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
afe5a55ef96823763005045ab3d45648_JaffaCakes118

Files

afe5a55ef96823763005045ab3d45648_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ed70edf3593e5bc337770578a2b81777

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__p__fmode
__set_app_type
malloc
_except_handler3
_initterm
__setusermatherr
__wgetmainargs
wcsncpy

user32

GetWindowLongW
DrawIconEx
SetCapture
EndDeferWindowPos
CreateWindowExW
GetCursorPos
RegisterClassW
GetDC
OffsetRect
RegisterClassExW
PeekMessageW
IntersectRect
MessageBoxW
GetDlgItem
MonitorFromRect
FrameRect
TranslateMessage
SetDlgItemTextW
GetWindowTextW
GetCapture
SetTimer
UpdateWindow
CopyRect
GetSystemMetrics
CopyImage
IsWindowVisible
IsWindowEnabled
GetWindowRect
GetWindowThreadProcessId
LoadStringW
wsprintfW
EndDialog
DialogBoxParamW
GetForegroundWindow
SetWindowPos
GetIconInfo
MoveWindow
GetSysColor
DestroyAcceleratorTable

shell32

ShellExecuteExW
ord16
SHParseDisplayName
SHOpenFolderAndSelectItems
ord152
SHGetFileInfoW

gdi32

SetTextColor
DeleteDC
GetStockObject
GetTextExtentPoint32W
CreateFontIndirectW
RealizePalette
Ellipse
SelectPalette
Rectangle

advapi32

RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW

gdiplus

GdipGetImageEncoders
GdipGetImageDecoders
GdipFree
GdipGetImageGraphicsContext
GdiplusShutdown
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromFile

kernel32

FindNextFileW
GetCurrentThreadId
DuplicateHandle
GetHandleInformation
InitializeCriticalSection
DeleteCriticalSection
OpenFileMappingW
GetCurrentProcessId
FindResourceW
CreateEventA
CreateEventW
FreeLibraryAndExitThread
lstrlenW
GetTickCount
Sleep
GetModuleFileNameW
MultiByteToWideChar
SetEvent
LocalAlloc
GetSystemDirectoryW
VirtualAllocEx
GetShortPathNameW
WaitForSingleObject
GlobalAlloc

shlwapi

ord174
ord437
PathRemoveExtensionW

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed70edf3593e5bc337770578a2b81777

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

shell32

gdi32

advapi32

gdiplus

kernel32

shlwapi

Sections

.text Size: 406KB - Virtual size: 406KB

.data Size: 30KB - Virtual size: 30KB

.rsrc Size: 6KB - Virtual size: 328KB

.text
Size: 406KB - Virtual size: 406KB

.data
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 6KB - Virtual size: 328KB