Static task
static1
Behavioral task
behavioral1
Sample
d29eb0326fa7f6eff4a137718a380a6a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d29eb0326fa7f6eff4a137718a380a6a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d29eb0326fa7f6eff4a137718a380a6a_JaffaCakes118
Size
81KB
MD5
d29eb0326fa7f6eff4a137718a380a6a
SHA1
2c2f26db1c6bce881eb970030d9edeafde69cf42
SHA256
36f8d5159eeeb95202095545612390dddfa07e397b0f49bfacd291c5bbdfa215
SHA512
e83ba6e28e9d2e8f3f5b0c749914adad5ea1fc7266a53f30df6ba6f7a1cd8428ef507a60949714e1e0a968ec48853af6715e9f388d1d8fe9fc500426e2245c43
SSDEEP
1536:Ice+px7FgdvdyoAchfMwTrGm64RyNxb/SNb+FzuTbCOabB2D:IcPx7adDthfBTr166ym+Fzu0bB2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d29eb0326fa7f6eff4a137718a380a6a_JaffaCakes118
Files
d29eb0326fa7f6eff4a137718a380a6a_JaffaCakes118.exe windows:5 windows x86 arch:x86
844603bfdbfc2890bf72e33968a540a4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
UnhookWindowsHookEx
GetScrollPos
SetWindowTextA
EnableMenuItem
GetSysColorBrush
EqualRect
GetMessageA
EnumWindows
GetSysColor
FrameRect
GetSubMenu
PostQuitMessage
SetWindowPos
kernel32
GetTimeZoneInformation
GetCurrentProcessId
SetUnhandledExceptionFilter
GetSystemTime
RtlUnwind
GetFileAttributesA
QueryPerformanceCounter
FileTimeToSystemTime
VirtualAllocEx
ExitProcess
GetThreadLocale
InterlockedExchange
GetStartupInfoA
GetOEMCP
GetTempPathA
gdi32
CopyEnhMetaFileA
GetMapMode
SetViewportExtEx
CreateICW
ExcludeClipRect
CreateCompatibleBitmap
DPtoLP
FillRgn
SelectClipPath
ole32
CoInitializeSecurity
OleRun
StgOpenStorage
StringFromGUID2
CoTaskMemRealloc
CoRevokeClassObject
CoInitialize
DoDragDrop
CoCreateInstance
advapi32
CryptHashData
GetUserNameA
AdjustTokenPrivileges
RegCreateKeyA
RegCreateKeyExW
RegQueryValueExW
GetSecurityDescriptorDacl
CheckTokenMembership
FreeSid
QueryServiceStatus
msvcrt
iswspace
puts
_mbscmp
fprintf
strcspn
_CIpow
_strdup
__setusermatherr
__getmainargs
fflush
__initenv
raise
_lock
_fdopen
signal
strlen
_flsbuf
strncpy
comctl32
CreatePropertySheetPageA
ImageList_LoadImageW
ImageList_GetIcon
ImageList_LoadImageA
ImageList_Destroy
InitCommonControls
ImageList_DrawEx
ImageList_Write
ImageList_DragEnter
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_SetIconSize
shell32
DoEnvironmentSubstW
ExtractIconExW
SHGetPathFromIDList
DragQueryFileW
CommandLineToArgvW
ExtractIconW
SHBrowseForFolderA
DragQueryFileA
DragAcceptFiles
ShellExecuteEx
ShellExecuteW
oleaut32
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayRedim
SafeArrayCreate
VariantCopy
SafeArrayPtrOfIndex
Sections
.text Size: 33KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ