d29e21f91987573dc69485871fb37800_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d29e21f91987573dc69485871fb37800_JaffaCakes118
Size

1.1MB
MD5

d29e21f91987573dc69485871fb37800
SHA1

7105fc5e5a64d451cd4baf9508023cfe6e6f8e06
SHA256

c9eb82ada9253f432cc99a80f444740172ba3f9e30c6805218ab535f2029b953
SHA512

4b23b747a13b0145e17c093ae2c3b4914d77897b03ac390888a91b0d4fe4d9a277a2fae181c82b3a3f9511abc440ac307331b09353aa6a50c8eb9e556328d0c9
SSDEEP

24576:kCzn2zL+znBX30YKlRclWzcm0DKrEh++00DnhRxXfVHoQuiRUhp9EH:9nQC7FkYKlRSWzcrSE0KXxPVHoQuiRUe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d29e21f91987573dc69485871fb37800_JaffaCakes118

Files

d29e21f91987573dc69485871fb37800_JaffaCakes118
.exe windows:5 windows x86 arch:x86

018f2b27691786df178d07c547726bb3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

OpenAs_RunDLLA
WOWShellExecute
PathMakeUniqueName
SHShellFolderView_Message
SHCreateLocalServerRunDll
RestartDialogEx
SHGetPathFromIDList
SHCreateDirectory
GetFileNameFromBrowse
SHGetFileInfoA
SHGetAttributesFromDataObject
SHGetDiskFreeSpaceA
SheSetCurDrive
PathCleanupSpec
IsNetDrive
SHGetSetSettings
ExtractAssociatedIconExA
Shell_MergeMenus
SHSetInstanceExplorer
SHChangeNotification_Lock
SHFileOperation
FindExecutableA
FreeIconList
OpenAs_RunDLL
SHGetFolderPathA
SHILCreateFromPath
ShellHookProc
SHCreateShellFolderViewEx
ShellExec_RunDLLA
DllGetClassObject
SHGetInstanceExplorer
SHGetSettings
SHCreateStdEnumFmtEtc
PathIsExe
SHGetDataFromIDListA
SHDoDragDrop
ShellExecuteA
SHCLSIDFromString
SHValidateUNC
SHCloneSpecialIDList
SHCreatePropSheetExtArray
ILFindLastID

user32

LoadStringA
CreateWindowExA
SetWindowLongA
CreateDialogParamA
SetDlgItemTextA
RegisterClassExA
DialogBoxParamA
DispatchMessageA
GetMessageA
MessageBeep
GetProcessDefaultLayout
ShowWindow
GetSysColor
DestroyWindow
SetProcessDefaultLayout
GetSysColorBrush
GetSubMenu
CheckMenuRadioItem
SendMessageA
GetMenu
LoadMenuA
CheckRadioButton
DefWindowProcA
TranslateMessage
CheckMenuItem
UpdateWindow
GetWindowRect
EndPaint

kernel32

GetSystemTimes
ReadFile
CreateMutexA
FileTimeToSystemTime
GetVersion
VirtualAllocEx
GetLastError
OpenMutexA
GetProcessHeap
CompareStringA
SetEnvironmentVariableA
PeekNamedPipe
GetSystemTime
ReleaseMutex
FileTimeToDosDateTime
SetFilePointer
ConnectNamedPipe
GetFileTime
ReadFileScatter
GetCurrentProcessId
DeleteFileA
CloseHandle
WaitNamedPipeA
CreateMailslotA
DisconnectNamedPipe
CreateFileA

Sections

.text
Size: 1015KB - Virtual size: 1015KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

018f2b27691786df178d07c547726bb3

Headers

DLL Characteristics

File Characteristics

Imports

shell32

user32

kernel32

Sections

.text Size: 1015KB - Virtual size: 1015KB

.data Size: 141KB - Virtual size: 140KB

.rsrc Size: 13KB - Virtual size: 3.1MB

.text
Size: 1015KB - Virtual size: 1015KB

.data
Size: 141KB - Virtual size: 140KB

.rsrc
Size: 13KB - Virtual size: 3.1MB