d32d0882daae1c88b40dd1d9a65d835c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d32d0882daae1c88b40dd1d9a65d835c_JaffaCakes118
Size

190KB
MD5

d32d0882daae1c88b40dd1d9a65d835c
SHA1

f751e20d7eae475caaeded56fd8abb69e0d80749
SHA256

589dac118215d00dab43d7f0ab6359b44b3e18dea46660b645ad2d61b178ea36
SHA512

311bb2f3075eed67899f80332e75fe0bc5093c756a9da68eff5f3ed7c5bdc4a03518db9b3c39361effa8c209a8861f7438ca009b8ec7ad223722b73584908b43
SSDEEP

3072:bhTOeyOfei4mRtiuEcXHQjAygScco7EdpJcJTJscjufQ5d2lBH+9aq5MmC:NlDfeiPt5BQMURFAJ7H5d2lx9q5ZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d32d0882daae1c88b40dd1d9a65d835c_JaffaCakes118

Files

d32d0882daae1c88b40dd1d9a65d835c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2c9e6419c5ebd6a2364f6321cad8a850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

user32

GetClassLongW
GetPropW
CreateWindowExW
InvalidateRect
SendDlgItemMessageA
CharUpperW
WinHelpW
RemovePropW
InvalidateRgn
RegisterWindowMessageW
CharNextW
SetPropW
GetNextDlgGroupItem
GetNextDlgTabItem
IsRectEmpty
GetClassInfoExW
MessageBeep
CopyAcceleratorTableW
SetRect
DestroyMenu

advapi32

RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetViewportOrgEx
OffsetViewportOrgEx
GetMapMode
ScaleWindowExtEx
TextOutW
DeleteDC
ExtSelectClipRgn
ScaleViewportExtEx
GetTextColor
PtVisible
GetDeviceCaps
GetStockObject
RectVisible
ExtTextOutW
SelectObject
GetBkColor
SetWindowExtEx
Escape
GetRgnBox

ole32

CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CoGetClassObject
StgOpenStorageOnILockBytes
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
OleInitialize
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
OleIsCurrentClipboard
CoTaskMemFree
CoUninitialize
CreateILockBytesOnHGlobal
CoInitialize
CLSIDFromString

kernel32

GetCalendarInfoW
GetSystemDefaultLangID
LocalFileTimeToFileTime
FindClose
MultiByteToWideChar
MoveFileW
GetCurrentProcessId
GetThreadContext
GetFileAttributesW
WideCharToMultiByte
InterlockedDecrement
SystemTimeToFileTime
SetFilePointer
GetLocaleInfoW
SetFileTime
LoadLibraryW
ConvertDefaultLocale
DeleteFileW
EnumResourceNamesA
GetModuleFileNameW
FindFirstFileW
ReadFile
EnumResourceLanguagesW
ExitProcess
GetCurrentDirectoryW
RemoveDirectoryW
WriteFile
CreateFileW
CreateDirectoryW
lstrcpyW
FindNextFileW
GetVersion
GetProcAddress

shlwapi

PathStripToRootW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathAppendW

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c9e6419c5ebd6a2364f6321cad8a850

Headers

File Characteristics

Imports

shell32

user32

advapi32

oleacc

gdi32

ole32

kernel32

shlwapi

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 76KB - Virtual size: 76KB

.edata Size: 1024B - Virtual size: 112KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 76KB - Virtual size: 76KB

.edata
Size: 1024B - Virtual size: 112KB