c7d1aceb4137aa7ae62c99d67369e5b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c7d1aceb4137aa7ae62c99d67369e5b3_JaffaCakes118
Size

17KB
MD5

c7d1aceb4137aa7ae62c99d67369e5b3
SHA1

29dd83a5ee283e0dd5107813fc5e0e7af968489e
SHA256

99b6f838ac49de312e40431272e435d0a0d148bda8e90fde63f8200ce01d62bf
SHA512

7da1ac2d7419360d7c68804000d7e340ddab04e0e2b9ab4e89f795547da7b7758abd2c3c81d00f26d166874eb9ccd44752fba3a6316e507e4d43d17946be12a9
SSDEEP

384:sDp0eLsrG6IN2z/XrGPja8Qrf3dkxicnJfjAN3peOy5omWehibHgmK:K0e4ru4Oxc3pojWykJK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c7d1aceb4137aa7ae62c99d67369e5b3_JaffaCakes118

Files

c7d1aceb4137aa7ae62c99d67369e5b3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a13439dd2a397022538c86e96bfdf7fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
HeapFree
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
VirtualFree
GetProcessHeap
WriteFile
CopyFileW
SizeofResource
GetModuleFileNameW
HeapAlloc
lstrlenW
GetProcAddress
VirtualAlloc
LoadLibraryA
CreateFileMappingW
LockResource
RemoveDirectoryW
lstrcatW
GetShortPathNameW
CloseHandle
DeleteFileW
CreateThread
CreateProcessW
LoadResource
FindResourceExW
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetEnvironmentVariableW
GetCommandLineW
ExitProcess
CreateFileW

comctl32

ord17
PropertySheetW

shlwapi

PathRemoveFileSpecW
StrCatBuffW
SHDeleteKeyW
StrCmpIW
PathAppendW

imagehlp

CheckSumMappedFile

user32

GetWindowTextW
LoadAcceleratorsW
TranslateMessage
GetDC
GetParent
PostMessageW
PostQuitMessage
GetMessageW
GetWindowRect
TranslateAcceleratorW
GetDlgItem
ShowWindow
CreateDialogParamW
GetSystemMetrics
SendMessageW
UpdateWindow
EnableWindow
SetWindowTextW
DefWindowProcW
MoveWindow
DispatchMessageW
ReleaseDC

gdi32

DeleteObject
CreateDIBitmap
CreateSolidBrush

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a13439dd2a397022538c86e96bfdf7fa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

shlwapi

imagehlp

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 1KB - Virtual size: 1KB