b373bb899af97a0ee06dcd1655fb91c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b373bb899af97a0ee06dcd1655fb91c5_JaffaCakes118
Size

472KB
MD5

b373bb899af97a0ee06dcd1655fb91c5
SHA1

765d82258278fdd7f0f6f28d34cf0bae2e0bd5f3
SHA256

318ed51c5f5ed646b0b529f0b69b452326259b298290152fca7afd3c6d077e4a
SHA512

57038a21647ec70409bd3b0e9d6f39bfe4d605036a4f1642cca4e1157058cd151c0fc6de8813f3c73ae030f666c9a9ee74d914702653b95060c56431e793cf90
SSDEEP

12288:6TOCMbCdfluNr9F1vme4HxKaawVxPAEJN9:U6bCdfluNrce4RKyTPAG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b373bb899af97a0ee06dcd1655fb91c5_JaffaCakes118

Files

b373bb899af97a0ee06dcd1655fb91c5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7f13927875b0cdf8de6066dfced9c202

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

ProgIDFromCLSID
CreateOleAdviseHolder
StringFromIID
StgOpenStorage
OleSaveToStream
CreateDataAdviseHolder
StgCreateDocfileOnILockBytes
OleRun
CoGetClassObject
CoInitializeEx
CoDisconnectObject
CLSIDFromProgID
CoUnmarshalInterface
CoCreateInstanceEx
CreateStreamOnHGlobal
StgCreateDocfile
CreateBindCtx
OleRegGetMiscStatus
CoUninitialize
OleRegGetUserType
StringFromCLSID
CreateILockBytesOnHGlobal
CoSetProxyBlanket

comctl32

ImageList_ReplaceIcon
InitCommonControls
CreatePropertySheetPageW
ImageList_Create

msvcrt

_access
__p__iob
memset
_rotr
isdigit
strrchr
toupper
qsort
_finite
mbstowcs
ctime
rand
atol
_strnicmp
realloc
_rotl
_commit
_wcslwr
_amsg_exit
_CIsqrt

oleaut32

SafeArrayGetUBound
CreateErrorInfo
SysStringByteLen
VariantChangeType
VariantClear
VariantCopy
SysAllocStringLen
SafeArrayPtrOfIndex
SysStringLen
SafeArrayAccessData
LoadTypeLib
RegisterTypeLib
SafeArrayGetElement
SetErrorInfo
SafeArrayGetLBound
RegisterTypeLibForUser
SafeArrayCreate
SafeArrayUnaccessData
VariantCopyInd
SysFreeString
SysAllocStringByteLen
VariantInit
OleLoadPicture
GetErrorInfo
VariantChangeTypeEx
SafeArrayPutElement
SysReAllocStringLen
GetActiveObject

kernel32

ExitProcess
GetFullPathNameW
HeapSize
LeaveCriticalSection
FormatMessageW
FreeEnvironmentStringsA
FileTimeToLocalFileTime
GlobalLock
GetFileAttributesA
GetStartupInfoA
FileTimeToSystemTime
Sleep
FindNextFileW
FindFirstFileW
GetLastError
CreateFileW
LocalFree
FindResourceA
HeapAlloc
RemoveDirectoryW
GetEnvironmentStringsW
SetEndOfFile
DeleteFileW
GetTickCount
GlobalUnlock
VirtualQuery
GetCurrentThreadId
GetCommandLineA
GetCommandLineW
IsDBCSLeadByte
VirtualAllocEx
GetThreadLocale

rpcrt4

NdrDllGetClassObject
NdrOleFree
NdrDllRegisterProxy
UuidToStringW
IUnknown_Release_Proxy
NdrCStdStubBuffer_Release
RpcServerRegisterIfEx
RpcServerUnregisterIf
CStdStubBuffer_DebugServerQueryInterface
RpcRaiseException
RpcStringBindingComposeW
CStdStubBuffer_Disconnect
RpcServerRegisterAuthInfoW
NdrStubForwardingFunction
RpcBindingFromStringBindingW
NdrClientCall2
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
CStdStubBuffer_CountRefs
IUnknown_AddRef_Proxy
RpcRevertToSelf
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
RpcBindingFree
RpcBindingSetAuthInfoW
RpcEpResolveBinding
RpcServerUseProtseqEpW
IUnknown_QueryInterface_Proxy
UuidToStringA

user32

GetSystemMetrics
GetWindowPlacement
GetPropA
DestroyWindow
LoadImageW
ShowWindow
MessageBoxW
GetMessageW
DialogBoxParamW
EnableWindow
GetCursorPos
MsgWaitForMultipleObjects
GetMessagePos
DispatchMessageW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7f13927875b0cdf8de6066dfced9c202

Headers

DLL Characteristics

File Characteristics

Imports

ole32

comctl32

msvcrt

oleaut32

kernel32

rpcrt4

user32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 24KB - Virtual size: 28KB

.idata Size: 22KB - Virtual size: 30KB

.rdata Size: 40KB - Virtual size: 57KB

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 24KB - Virtual size: 28KB

.idata
Size: 22KB - Virtual size: 30KB

.rdata
Size: 40KB - Virtual size: 57KB