Static task
static1
Behavioral task
behavioral1
Sample
c761b5a0b757928c72ead3f2886b3319_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c761b5a0b757928c72ead3f2886b3319_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
c761b5a0b757928c72ead3f2886b3319_JaffaCakes118
Size
2.0MB
MD5
c761b5a0b757928c72ead3f2886b3319
SHA1
efd61ce2efceb80334f8f906479bc43a7b0a89d0
SHA256
5e0cf2c207b3c73b40653513a2df407e8e105a977a2ab255526ddbc4d074eecd
SHA512
2610efbaaf99b4de0400a20b68b10b686f5559dffcf4fd4dfa918c7d8ebcd21a4bf1f33083b2666f293cb2c29734a18619830fd79bb340dddcccb88f7abf34bb
SSDEEP
24576:aa6B45hlYBog0T2kC9yAJ+2+CRD6PyUR+draiecKODStPlmpi8HrWQmMM6uhPWxt:aayohlcnPJ++66Uwds5OyPIpP06Xxt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c761b5a0b757928c72ead3f2886b3319_JaffaCakes118
Files
c761b5a0b757928c72ead3f2886b3319_JaffaCakes118.exe windows:4 windows x86 arch:x86
be569c078e48ff9bf5677cf50a39bd11
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LogonUserW
CryptSetKeyParam
SetEntriesInAclW
DuplicateToken
RegDeleteValueW
CreateProcessAsUserA
InitiateSystemShutdownW
InitializeSid
ReportEventW
GetTokenInformation
AbortSystemShutdownA
RegDeleteValueA
CreatePrivateObjectSecurity
DestroyPrivateObjectSecurity
CryptSetProvParam
MapGenericMask
GetSecurityDescriptorGroup
user32
HiliteMenuItem
NotifyWinEvent
AppendMenuW
DefDlgProcA
GetMenuItemID
CreateDesktopA
CreateWindowExW
CharPrevA
WindowFromDC
ShowWindow
LoadMenuIndirectA
BroadcastSystemMessageW
IntersectRect
DefFrameProcA
ModifyMenuA
ModifyMenuW
GetWindow
MessageBeep
PostQuitMessage
RegisterClipboardFormatW
LoadCursorFromFileW
EnableMenuItem
GetUserObjectInformationA
kernel32
SetCurrentDirectoryA
FormatMessageW
SetErrorMode
SetProcessAffinityMask
MoveFileW
CreateWaitableTimerA
EnumCalendarInfoA
CreateFileW
ReadConsoleInputW
OpenSemaphoreW
GetTempFileNameA
GetShortPathNameW
OpenFile
_lclose
GetDateFormatA
SetTimeZoneInformation
GetCurrentProcessId
VirtualLock
SetThreadPriorityBoost
ExitProcess
WritePrivateProfileSectionW
lstrcmpiA
CreatePipe
ScrollConsoleScreenBufferA
LocalReAlloc
GetThreadContext
CompareStringA
GlobalFindAtomW
FillConsoleOutputCharacterA
GetStringTypeExW
comdlg32
ReplaceTextW
ReplaceTextA
comctl32
ImageList_Add
ImageList_GetImageCount
ImageList_EndDrag
version
VerQueryValueA
ole32
GetClassFile
CoMarshalInterface
CoLockObjectExternal
CoUninitialize
oleaut32
SafeArrayCreate
VariantChangeType
msvcrt
clock
_wcsdup
_wsopen
wcsncmp
_ismbblead
_exit
_wchdir
ctime
fseek
_locking
_wspawnv
Sections
.text Size: 16KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ