Static task: static1
Behavioral task: behavioral1
  Sample: b7386eee9b128696740c7c7aff430978_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: b7386eee9b128696740c7c7aff430978_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: b7386eee9b128696740c7c7aff430978_JaffaCakes118
Size: 80KB
MD5: b7386eee9b128696740c7c7aff430978
SHA1: 16e9a25d825497c6a64ef98d443143bc05b4b8ad
SHA256: 9bd631569e205f04b0d2fb931b1abb80f4f9f26e7ec4cddd17ddba058f7bb380
SHA512: f27cbd59d03a42bc1a550c7cccc888fcb69600798742fd687ade5e274162ded2d50aa22d884c3e80332dc56db334023c3fef3843a1e6adb6019df49fddccf1db
SSDEEP: 1536:Dg+4Ip4f62riT+X0P6nOiL9EjrP+iupt46KnUCcVzvv/SNfyEM0gVdngxPZgLoKB:DmziTIbODb9i4RWVzKNfy3Vdgx4o
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: b7386eee9b128696740c7c7aff430978_JaffaCakes118
Files
b7386eee9b128696740c7c7aff430978_JaffaCakes118.exe windows:4 windows x86 arch:x86
536788e9ca8852f09efa06b16fd6f1f4
Headers
File Characteristics:
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
user32: SetWindowTextA, FrameRect, GetScrollPos, EqualRect, GetSysColorBrush, GetSysColor, EnumWindows, SetWindowPos, EnableMenuItem, PostQuitMessage, GetMessageA, GetSubMenu, UnhookWindowsHookEx
kernel32: RtlUnwind, ExitProcess, GetACP, GetTickCount, InterlockedExchange, GetFileAttributesA, GetOEMCP, QueryPerformanceCounter, FileTimeToSystemTime, GetSystemTime, SetUnhandledExceptionFilter, GetTempPathA, VirtualAllocEx, GetThreadLocale, GetCurrentProcessId, GetStartupInfoA, GetTimeZoneInformation
gdi32: SelectClipPath, DPtoLP, CopyEnhMetaFileA, SetViewportExtEx, CreateCompatibleBitmap, CreateICW, GetMapMode, ExcludeClipRect, FillRgn
ole32: CoCreateInstance, CoTaskMemRealloc, CoInitialize, CoInitializeSecurity, DoDragDrop, CoRevokeClassObject, StringFromGUID2, OleRun, StgOpenStorage
advapi32: RegCreateKeyA, AdjustTokenPrivileges, CryptHashData, GetSecurityDescriptorDacl, RegQueryValueExW, QueryServiceStatus, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetUserNameA
msvcrt: __initenv, raise, puts, _flsbuf, _strdup, _CIpow, fprintf, iswspace, strcspn, strlen, fflush, __getmainargs, _mbscmp, strncpy, _lock, _fdopen, signal, __setusermatherr
comctl32: ImageList_LoadImageW, ImageList_LoadImageA, ImageList_ReplaceIcon, CreatePropertySheetPageA, ImageList_GetIcon, InitCommonControls, ImageList_Write, ImageList_GetIconSize, ImageList_Destroy, ImageList_DragEnter, ImageList_DrawEx, ImageList_GetBkColor, ImageList_SetIconSize
shell32: DragAcceptFiles, SHGetPathFromIDList, ShellExecuteEx, DragQueryFileW, DragQueryFileA, ShellExecuteW, ExtractIconExW, SHBrowseForFolderA, ExtractIconW, DoEnvironmentSubstW, CommandLineToArgvW
oleaut32: SafeArrayRedim, SysReAllocStringLen, SafeArrayCreate, SafeArrayGetUBound, SafeArrayPtrOfIndex, SafeArrayUnaccessData, SafeArrayPutElement, VariantCopy
Sections
.text (Size: 32KB, Virtual size: 32KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.data (Size: 41KB, Virtual size: 40KB)
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc (Size: 6KB, Virtual size: 34KB)
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE