Static task
static1
Behavioral task
behavioral1
Sample
b96749db7e245416b3c36c1c2600def1_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
b96749db7e245416b3c36c1c2600def1_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
b96749db7e245416b3c36c1c2600def1_JaffaCakes118
Size
328KB
MD5
b96749db7e245416b3c36c1c2600def1
SHA1
ea2fb4675ae9870107b7c3f87d56fbc42ca02551
SHA256
ec3ca12ac9c056ac3f8c929a9ca67f0470c84eab2c8de45b34b26df5f605bd94
SHA512
fba8621630d759e388e5b500339b594deb03fd152dfb733c98419dc0c05668fe1464412ec591a3434bb1fcb3dfd8d802274437fcf09290365826fe9de6c1625f
SSDEEP
6144:AITTjvVHjk3CJBgk1F4tLkfTW1f8l89+iTU2xaOzqhyIY5/SrV/:AwvvVDrZ1FDiO8xTU2xaO+hqw
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b96749db7e245416b3c36c1c2600def1_JaffaCakes118
Files
b96749db7e245416b3c36c1c2600def1_JaffaCakes118.exe windows:4 windows x86 arch:x86
b6afdb041f5852fb33c131ce0db9cc0c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DosDateTimeToFileTime
GetModuleHandleA
VirtualQuery
MoveFileExA
GetLogicalDriveStringsA
LoadResource
GetShortPathNameA
SizeofResource
EnumTimeFormatsW
GetDateFormatA
GetVolumeInformationW
IsProcessorFeaturePresent
VirtualAlloc
RaiseException
GetVersion
GetStartupInfoA
user32
DefMDIChildProcW
AttachThreadInput
GetNextDlgGroupItem
UnloadKeyboardLayout
SetPropA
SendMessageTimeoutA
GetMonitorInfoA
CopyIcon
LoadBitmapA
OpenClipboard
SetWindowPlacement
GetMenuItemInfoW
PeekMessageW
CheckMenuItem
IsDlgButtonChecked
GetNextDlgTabItem
LoadIconW
EnumDisplayMonitors
DrawTextW
SendInput
DialogBoxIndirectParamA
IsRectEmpty
DefWindowProcW
SetWindowContextHelpId
CascadeWindows
gdi32
GetRgnBox
RectVisible
CreatePenIndirect
DPtoLP
SaveDC
ExtCreateRegion
PlayMetaFile
SetBrushOrgEx
comdlg32
PrintDlgW
FindTextW
advapi32
RegEnumKeyW
RegConnectRegistryA
DeleteService
InitializeSid
CryptVerifySignatureA
RegNotifyChangeKeyValue
RegSaveKeyW
SetTokenInformation
CloseEventLog
CryptGetUserKey
GetSidLengthRequired
GetSecurityDescriptorControl
LookupPrivilegeValueA
ReadEventLogW
GetNamedSecurityInfoW
CryptCreateHash
SetFileSecurityA
DuplicateToken
RegSetValueA
ChangeServiceConfigA
SetSecurityDescriptorDacl
GetLengthSid
InitializeSecurityDescriptor
CreateServiceA
RegUnLoadKeyA
QueryServiceStatus
GetSecurityDescriptorDacl
shell32
DragFinish
SHChangeNotify
DragAcceptFiles
ExtractIconExW
FindExecutableW
oleaut32
VariantChangeType
comctl32
ImageList_AddMasked
DestroyPropertySheetPage
shlwapi
SHCreateStreamOnFileW
wnsprintfW
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
Sections
iiusqi Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
uckwgau Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
smoqwi Size: 282KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
muasyie Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ