Static task
static1
Behavioral task
behavioral1
Sample
d1af21b60e85e8af174076782e575bec_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d1af21b60e85e8af174076782e575bec_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d1af21b60e85e8af174076782e575bec_JaffaCakes118
Size
244KB
MD5
d1af21b60e85e8af174076782e575bec
SHA1
1d305ca7837adcb8e7abd13a30664359a3d22cad
SHA256
00bda79629e6717bbd572e6d54a2d47b052a2ae3f51df84c094398d757cc4f68
SHA512
3413425ba67d4125c691f76649570a0a138df9d1ace22de82278ee391fdd371c7f1819545d25669012c0d396a2cc9c75d4a4519f68577a635a5e981df27bea53
SSDEEP
6144:q5BfbTT0F/pP0GPFams5z11BZV2Sm+PF1b:IBfbT0NxFtsPvNm+rb
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d1af21b60e85e8af174076782e575bec_JaffaCakes118
Files
d1af21b60e85e8af174076782e575bec_JaffaCakes118.exe windows:4 windows x86 arch:x86
36f4355ac161c26aea63bf823b45065c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommandLineA
OutputDebugStringA
WritePrivateProfileStructA
CreateDirectoryExA
DebugBreak
RemoveDirectoryA
SetFileTime
DeleteFiber
GetShortPathNameW
GlobalDeleteAtom
ExitProcess
GetAtomNameA
IsBadStringPtrA
IsDBCSLeadByteEx
_lopen
GetVersionExA
VirtualAlloc
_lclose
user32
SetDlgItemTextW
DrawStateA
FlashWindowEx
CreateAcceleratorTableW
DrawTextExA
DialogBoxParamW
OemKeyScan
IsRectEmpty
SwapMouseButton
GetClassNameA
LoadBitmapW
GetWindowThreadProcessId
ShowOwnedPopups
ShowCursor
CharUpperA
EnumDesktopWindows
GetInputState
DialogBoxParamA
GetWindowTextW
GetScrollPos
SendDlgItemMessageA
FrameRect
DrawCaption
SendMessageW
MoveWindow
GetUpdateRgn
OpenInputDesktop
CloseDesktop
DrawEdge
ScrollWindowEx
EqualRect
comdlg32
ChooseColorW
FindTextW
PrintDlgA
GetSaveFileNameA
advapi32
EnumServicesStatusW
OpenSCManagerW
RegCreateKeyA
RegQueryValueExA
ReadEventLogW
RegQueryInfoKeyA
CloseEventLog
ChangeServiceConfigW
OpenServiceW
RegFlushKey
SetSecurityDescriptorOwner
EnumServicesStatusA
OpenEventLogW
StartServiceCtrlDispatcherA
RegDeleteKeyA
InitiateSystemShutdownA
CryptReleaseContext
AccessCheckAndAuditAlarmW
CryptVerifySignatureW
QueryServiceStatus
DeleteService
GetNamedSecurityInfoA
OpenProcessToken
RegUnLoadKeyW
RegRestoreKeyA
AddAccessDeniedAce
SetSecurityDescriptorGroup
LookupPrivilegeDisplayNameA
RegEnumKeyExW
GetSidLengthRequired
CloseServiceHandle
InitializeAcl
NotifyChangeEventLog
CryptGetProvParam
LogonUserW
shell32
FindExecutableW
FindExecutableA
SHChangeNotify
SHGetSpecialFolderLocation
DragAcceptFiles
ole32
CreateOleAdviseHolder
OleRegGetUserType
StgOpenStorage
OleCreate
CoDisconnectObject
oleaut32
SafeArrayCreate
LoadTypeLibEx
SafeArrayPutElement
VariantCopy
SafeArrayGetElement
SetErrorInfo
SysStringLen
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayRedim
comctl32
ImageList_Draw
ImageList_DragMove
PropertySheetW
shlwapi
SHRegCreateUSKeyW
PathIsSameRootW
SHDeleteKeyW
PathQuoteSpacesA
PathIsFileSpecA
PathIsFileSpecW
StrCatW
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 232KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE