Static task
static1
Behavioral task
behavioral1
Sample
b38e645afa15dafe7c7e180e12681be4_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b38e645afa15dafe7c7e180e12681be4_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b38e645afa15dafe7c7e180e12681be4_JaffaCakes118
Size
2.1MB
MD5
b38e645afa15dafe7c7e180e12681be4
SHA1
7d882e151b4f7b06b79383095c2cb61bca9cfb1c
SHA256
51aec3978d46c45e2a37422f1b32f17e0d66744ded929b371a1a0bd1f187b139
SHA512
d5e4d59537d803e4fddbe9b373196600de5c898e7e57caeab42acefd4f80ba0770cc404fca233272ae7e4020d5bc9d2b5ee645cda5015f7099c96bc7b1da412e
SSDEEP
49152:oaQBIMXSQh6tzkx4Q4R2H4CML+UlSADn+3RGXJW9H9fOA0:yBwtQBYBZxDEUXJW9MA0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b38e645afa15dafe7c7e180e12681be4_JaffaCakes118
Files
b38e645afa15dafe7c7e180e12681be4_JaffaCakes118.exe windows:4 windows x86 arch:x86
5aa42acce9ec78a5d26ff966e0e2c0ce
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetDiskFreeSpaceW
IsBadWritePtr
GetCompressedFileSizeW
WritePrivateProfileStringA
GetCPInfo
ExitProcess
FindFirstFileExW
FormatMessageA
GlobalReAlloc
VirtualLock
GlobalFindAtomA
ReadDirectoryChangesW
GetCurrentDirectoryW
CreateDirectoryExA
SetStdHandle
ReadFile
CreateMutexA
_lclose
DuplicateHandle
SetCurrentDirectoryA
_lopen
SetConsoleWindowInfo
LCMapStringA
user32
GetWindowDC
EnumDisplaySettingsW
ShowOwnedPopups
GetUserObjectSecurity
SetThreadDesktop
SetWindowContextHelpId
IsCharUpperW
SetWindowPos
LoadMenuA
UnhookWinEvent
InSendMessage
GetClipCursor
GetCaretPos
WaitForInputIdle
gdi32
GetCharacterPlacementA
GetSystemPaletteUse
SetBitmapDimensionEx
SetArcDirection
EqualRgn
StartPage
DeleteEnhMetaFile
RoundRect
SetROP2
GetMetaFileBitsEx
GetTextExtentExPointA
SetDIBitsToDevice
PtVisible
SetWorldTransform
CreateMetaFileW
comdlg32
FindTextW
GetSaveFileNameW
advapi32
GetServiceDisplayNameA
GetUserNameA
OpenEventLogW
IsValidSid
RegDeleteValueA
InitializeSid
OpenProcessToken
ObjectCloseAuditAlarmA
QueryServiceConfigA
AddAccessAllowedAce
SetNamedSecurityInfoW
CryptGetKeyParam
SetServiceObjectSecurity
BuildSecurityDescriptorW
CryptDecrypt
RegisterServiceCtrlHandlerW
CryptImportKey
GetFileSecurityW
OpenServiceW
RegQueryInfoKeyW
RegDeleteValueW
SetServiceStatus
CryptHashData
GetServiceDisplayNameW
GetPrivateObjectSecurity
SetSecurityDescriptorDacl
CryptGenRandom
RegQueryValueA
LookupAccountNameW
SetSecurityDescriptorSacl
LogonUserW
CryptSetHashParam
shell32
FindExecutableA
SHLoadInProc
DragAcceptFiles
ole32
CoGetObject
OleRegGetUserType
CoSwitchCallContext
CreateStreamOnHGlobal
ReadFmtUserTypeStg
oleaut32
SafeArrayGetLBound
SysFreeString
VariantChangeType
comctl32
ImageList_Add
ImageList_GetBkColor
CreatePropertySheetPageA
shlwapi
StrChrIA
StrCmpNW
PathCommonPrefixW
PathStripPathW
PathRemoveBlanksW
SHRegQueryUSValueW
StrPBrkW
UrlCreateFromPathW
Sections
.text Size: 12KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ