d282b0fc035840f168bbde847628de56_JaffaCakes118

General

Target

d282b0fc035840f168bbde847628de56_JaffaCakes118
Size

453KB
MD5

d282b0fc035840f168bbde847628de56
SHA1

d17e5d6b2dc63fa6484b38661c1b103119c59a28
SHA256

a1d36514d510409eb322e5adaa67b7ba0e85ba02a2d14b796e517a49907cb479
SHA512

f2755e16ce5be0c9eea9949b772fef46fa0e5457a04ec965437e073025e4146cb6209094bb261568bbe8d65e68aecca743d405fe41b9996e334f4edb6e48f025
SSDEEP

6144:gxnGIgaIDMppfxBROxClTyWmHZbYrjqkdNYejOrQsI8d0dmeFdtwJOp5YL+qv:juGMDRD2Vkn5ldmwKOnI+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d282b0fc035840f168bbde847628de56_JaffaCakes118

Files

d282b0fc035840f168bbde847628de56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e6c0d0b460a9178d9bd29ecf1eb8e917

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
LoadModule
GetCompressedFileSizeA
EnumSystemLocalesW
QueryPerformanceCounter
GetCurrentProcess
HeapAlloc
LoadLibraryA
EnumResourceTypesA
ExitProcess
VirtualAlloc
RtlZeroMemory
SystemTimeToFileTime
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetModuleHandleA
HeapFree
GetProcAddress
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
GetModuleHandleW
GetCurrentThreadId

gdi32

CreateRectRgnIndirect
SetMapperFlags
SetICMProfileA
GetCharWidthW
StrokePath
SetPixelFormat
GetMapMode
GetPixel
DPtoLP
SetDeviceGammaRamp
EnumMetaFile
CloseMetaFile
StartDocA
GetClipBox
GetWorldTransform
ExtEscape
SetTextColor
DeleteColorSpace
GetTextColor
CopyEnhMetaFileA
GetViewportExtEx
GetEnhMetaFileBits

shell32

ShellExecuteExA
ShellExecuteExW
SheGetDirA
SHQueryRecycleBinA
RealShellExecuteW
ShellAboutA
DragQueryPoint
SHBrowseForFolder
SHFileOperation
SHLoadInProc
SheChangeDirExW
FindExecutableA
ExtractIconA
ExtractAssociatedIconW
ShellAboutW
RealShellExecuteExA
SHGetSpecialFolderPathW
SHInvokePrinterCommandW
ExtractAssociatedIconA
SHBrowseForFolderA
InternalExtractIconListW
SHInvokePrinterCommandA

comdlg32

GetFileTitleA
ChooseColorA
PrintDlgW
ReplaceTextW
PageSetupDlgW
PageSetupDlgA
GetOpenFileNameA
ChooseFontW
GetSaveFileNameA
ReplaceTextA
PrintDlgA
GetFileTitleW
LoadAlterBitmap
GetSaveFileNameW

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6c0d0b460a9178d9bd29ecf1eb8e917

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

comdlg32

Sections

.text Size: 173KB - Virtual size: 172KB

.data Size: 265KB - Virtual size: 265KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 173KB - Virtual size: 172KB

.data
Size: 265KB - Virtual size: 265KB

.rsrc
Size: 13KB - Virtual size: 13KB