Static task
static1
Behavioral task
behavioral1
Sample
ced6ba1d6a2e89acbf2e38507d9658d7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ced6ba1d6a2e89acbf2e38507d9658d7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
ced6ba1d6a2e89acbf2e38507d9658d7_JaffaCakes118
Size
130KB
MD5
ced6ba1d6a2e89acbf2e38507d9658d7
SHA1
7b4821ecd1f551ce8406b271ae9ee69aeaa65dfd
SHA256
c61b19d58cfd80ddfba4947f8ee6052fe1cee72fafa4a140308f01e900a5ca9a
SHA512
2abfa21c6763cc46f23d7097e8806e0a7f6597bd4b5d8463a2af73a34beaabfccfc68bc31c80906386b26396f64ea437d13b6ebc7d81960c0adf6b256e4f9636
SSDEEP
3072:VsdPEu2kVbbO5EpfyD9EubjAorw9yQunzXjP0PkPPPPaa12+gPPPaJDcEcb4kC9:YS5Epf89yPiXSEsG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ced6ba1d6a2e89acbf2e38507d9658d7_JaffaCakes118
Files
ced6ba1d6a2e89acbf2e38507d9658d7_JaffaCakes118.exe windows:4 windows x86 arch:x86
6c2bdb83016ef9bff2d0ba0f2bfb53ba
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
VirtualProtect
DeviceIoControl
GetTempPathW
IsValidCodePage
EnumCalendarInfoA
GetStartupInfoA
SetStdHandle
lstrlenW
GetModuleHandleA
QueryPerformanceCounter
msvcrt
_initterm
isleadbyte
atol
__p__fmode
__setusermatherr
__set_app_type
wcstol
__getmainargs
exit
wcscat
log
__p__commode
_XcptFilter
_acmdln
_except_handler3
strspn
_setjmp3
ungetc
_adjust_fdiv
user32
GetCursorPos
IsDialogMessageA
WaitMessage
RegisterWindowMessageA
EnumWindows
ReleaseCapture
GetWindowPlacement
comctl32
ImageList_DragLeave
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetDragCursorImage
ImageList_Read
ImageList_Replace
ImageList_SetImageCount
ImageList_LoadImageW
ImageList_ReplaceIcon
DestroyPropertySheetPage
ImageList_DrawEx
ImageList_Write
gdi32
SetTextCharacterExtra
GetEnhMetaFileDescriptionA
StretchDIBits
GetCurrentObject
ExtSelectClipRgn
advapi32
RegOpenKeyW
CloseServiceHandle
DeregisterEventSource
RegEnumKeyExW
OpenServiceA
CryptDestroyHash
RegQueryValueExA
OpenSCManagerW
LookupPrivilegeValueW
CryptCreateHash
AllocateAndInitializeSid
InitiateSystemShutdownA
version
GetFileVersionInfoSizeA
VerLanguageNameA
GetFileVersionInfoA
VerQueryValueA
ole32
CoInitialize
CreateItemMoniker
StringFromIID
PropVariantClear
CoTaskMemAlloc
CoInitializeEx
StgOpenStorageOnILockBytes
OleSetClipboard
OleIsCurrentClipboard
OleDraw
CreateILockBytesOnHGlobal
shell32
SHGetPathFromIDListA
SHAppBarMessage
DragAcceptFiles
Shell_NotifyIconA
SHGetSpecialFolderPathW
SHGetPathFromIDList
ExtractIconExA
ShellExecuteA
DragQueryFileA
SHBrowseForFolderA
CommandLineToArgvW
oleaut32
SafeArrayPutElement
VariantInit
SafeArrayCreate
SysAllocStringByteLen
SetErrorInfo
SafeArrayUnaccessData
Sections
.text Size: 63KB - Virtual size: 63KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ