Static task: static1
Behavioral task: behavioral1
  Sample: c11950c11dd4481834edf887062328d2_JaffaCakes118.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: c11950c11dd4481834edf887062328d2_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: c11950c11dd4481834edf887062328d2_JaffaCakes118
Size: 80KB
MD5: c11950c11dd4481834edf887062328d2
SHA1: 5e3b76ebe50e15d87151cd0e3ca622c1478dcc15
SHA256: bbf58635e0307803fc346c90bd242db77abdaecf61fb0102ccaf7c16531483ca
SHA512: c91590d41e8795033532bd8344bce37acf94ff9677c287d2e20e451d522e46cf65e7c443139da5a597dfc26e0273cea2748a0cd66d82cbb5f5b51198cf327254
SSDEEP: 1536:oB0EMseQsOD5+opEm0yvolCumGcdlp6ywp0QQPIu06WwUg8eG:oSs9sI5+8xJAZTQBxUg2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c11950c11dd4481834edf887062328d2_JaffaCakes118
Files
c11950c11dd4481834edf887062328d2_JaffaCakes118.exe windows:4 windows x86 arch:x86
2d3605b59f68e7abcacfae6f2702651f
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
  SetWindowPos
  GetSubMenu
  EnableMenuItem
  PostQuitMessage
  SetWindowTextA
  GetSysColorBrush
  GetMessageA
  GetScrollPos
  FrameRect
  EqualRect
  EnumWindows
  UnhookWindowsHookEx
  GetSysColor
kernel32
  InterlockedExchange
  GetSystemTime
  GetStartupInfoA
  GetOEMCP
  FileTimeToSystemTime
  SetUnhandledExceptionFilter
  RtlUnwind
  GetThreadLocale
  ExitProcess
  GetCurrentProcessId
  GetACP
  GetTimeZoneInformation
  GetTempPathA
  GetFileAttributesA
  VirtualAllocEx
  QueryPerformanceCounter
gdi32
  CreateICW
  FillRgn
  ExcludeClipRect
  GetMapMode
  DPtoLP
  SetViewportExtEx
  SelectClipPath
  CreateCompatibleBitmap
  CopyEnhMetaFileA
ole32
  CoInitialize
  StringFromGUID2
  OleRun
  CoRevokeClassObject
  StgOpenStorage
  CoTaskMemRealloc
  CoInitializeSecurity
  CoCreateInstance
  DoDragDrop
advapi32
  AdjustTokenPrivileges
  RegCreateKeyExW
  FreeSid
  RegQueryValueExW
  GetUserNameA
  RegCreateKeyA
  QueryServiceStatus
  GetSecurityDescriptorDacl
  CheckTokenMembership
  CryptHashData
msvcrt
  strncpy
  __initenv
  __getmainargs
  raise
  fprintf
  strlen
  strcspn
  fflush
  iswspace
  puts
  _flsbuf
  signal
  _fdopen
  _lock
  __setusermatherr
  _mbscmp
  _strdup
  _CIpow
comctl32
  ImageList_GetIcon
  CreatePropertySheetPageA
  ImageList_Destroy
  ImageList_LoadImageW
  ImageList_GetIconSize
  ImageList_Write
  ImageList_SetIconSize
  ImageList_DragEnter
  ImageList_ReplaceIcon
  ImageList_LoadImageA
  ImageList_GetBkColor
  ImageList_DrawEx
  InitCommonControls
shell32
  CommandLineToArgvW
  ShellExecuteEx
  DragQueryFileW
  DoEnvironmentSubstW
  DragAcceptFiles
  ExtractIconW
  SHBrowseForFolderA
  ExtractIconExW
  ShellExecuteW
  SHGetPathFromIDList
  DragQueryFileA
oleaut32
  SafeArrayRedim
  SysReAllocStringLen
  SafeArrayUnaccessData
  SafeArrayGetUBound
  SafeArrayCreate
  SafeArrayPutElement
  VariantCopy
  SafeArrayPtrOfIndex
Sections
.text Size: 34KB - Virtual size: 33KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.data Size: 39KB - Virtual size: 39KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 76KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE