c1e06bf45dc98a7849a2b0106bfcb996_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1e06bf45dc98a7849a2b0106bfcb996_JaffaCakes118
Size

142KB
MD5

c1e06bf45dc98a7849a2b0106bfcb996
SHA1

558bdfd8b0681750cc991f5e4ab0a650200a5cc9
SHA256

a1a9ca4869ef29ab619e6e924e8428b89c8401ed4f608f0455c9d773b71a95b0
SHA512

c90bda6e65b04a20256eb048d1d6667c00bc54ed6ed4490b18c0f06c8f0225e9c76f3083c20ca25477e1f72d846af65c4b86676d9e4175f2528a736b0e9794e4
SSDEEP

3072:iGLe266AhCYU8/PS18MPV10yp/q//FYJhMrCx:27y18MPV10yIniJhh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1e06bf45dc98a7849a2b0106bfcb996_JaffaCakes118

Files

c1e06bf45dc98a7849a2b0106bfcb996_JaffaCakes118
.exe windows:4 windows x86 arch:x86

265fa9387b99afe930e29031b53bf271

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CompareStringA
lstrcmpiW
GetTempFileNameA
GetSystemDirectoryA
GetModuleHandleA
IsBadWritePtr
WriteConsoleA
GetStartupInfoA
FileTimeToDosDateTime
VirtualProtect
CreateProcessW
GetCommandLineA

msvcrt

exit
__setusermatherr
__p__fmode
_getch
__getmainargs
puts
strcpy
_except_handler3
_mbsicmp
_controlfp
__set_app_type
_beginthreadex
localtime
_ultoa
_initterm
_write
_XcptFilter
log10
_acmdln
_adjust_fdiv
_amsg_exit
__p__commode
_osver
fsetpos
isleadbyte

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeA
VerInstallFileW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerFindFileW
VerQueryValueW

user32

AdjustWindowRectEx
RedrawWindow
SetMenu
GetWindowRect
SetActiveWindow
GetClientRect

oleaut32

SafeArrayGetUBound
SysFreeString
SysReAllocStringLen
SafeArrayPtrOfIndex
SysStringLen
CreateErrorInfo
VariantCopyInd
SysAllocStringByteLen
SysAllocStringLen
GetActiveObject
SafeArrayGetElement

gdi32

RectVisible
Ellipse
ScaleViewportExtEx
Chord
SetViewportExtEx
GetViewportOrgEx
GetRgnBox
StretchBlt
MaskBlt

advapi32

RegOpenKeyW
SetSecurityDescriptorDacl
RegEnumValueA
GetTokenInformation
SetSecurityDescriptorGroup
RegDeleteValueA
AllocateAndInitializeSid

shell32

SHGetMalloc
Shell_NotifyIconA
FindExecutableW
ShellExecuteW
SHChangeNotify
SHBrowseForFolderA
SHCreateDirectoryExW
DoEnvironmentSubstW
DragAcceptFiles
SHGetFolderPathW
SHAddToRecentDocs

comctl32

CreateStatusWindowA
PropertySheetW
InitCommonControlsEx
ImageList_SetOverlayImage
CreatePropertySheetPageW
ImageList_DragLeave
InitializeFlatSB
DestroyPropertySheetPage
PropertySheetA
ImageList_GetImageCount
ImageList_SetImageCount

ole32

OleInitialize
GetRunningObjectTable
StringFromGUID2
StgOpenStorageOnILockBytes
CoLoadLibrary
OleUninitialize
CoCreateGuid

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jiimlam
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

265fa9387b99afe930e29031b53bf271

Headers

File Characteristics

Imports

kernel32

msvcrt

version

user32

oleaut32

gdi32

advapi32

shell32

comctl32

ole32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 42KB

.rsrc Size: 104KB - Virtual size: 132KB

jiimlam Size: - Virtual size: 4KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 42KB

.rsrc
Size: 104KB - Virtual size: 132KB

jiimlam
Size: - Virtual size: 4KB