d3c768b80d7454b62e0190d78bfb11d8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d3c768b80d7454b62e0190d78bfb11d8_JaffaCakes118
Size

158KB
MD5

d3c768b80d7454b62e0190d78bfb11d8
SHA1

b7eac3702ed7a8a20d10557cbe94a5ed526e8b6e
SHA256

6a2a49e6fbde32e50ea1881740622f21c4d2dbd08b3b74f48fb2846dbfc19c80
SHA512

e1013cfa6205b78dff14981dd0f88d2fc9e50a1027c01c5c9be05d9fab7f9207201e44157287f3a8a40493218d00b08e05952991d6ad31197c7d9a28e773225e
SSDEEP

3072:t5/TclOGznrd70yvhOA19LKVeGAkUMnVQv/owj:txa5zrd4ChP3LwnAnTnjj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d3c768b80d7454b62e0190d78bfb11d8_JaffaCakes118

Files

d3c768b80d7454b62e0190d78bfb11d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1a7ca2d4d15271fd483cab889831675

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetPaletteEntries
LineTo
SetTextColor

oleaut32

VariantCopyInd
SafeArrayCreate
SysAllocStringLen
SysReAllocStringLen
SysStringLen
OleLoadPicture
GetErrorInfo
SafeArrayPtrOfIndex
VariantChangeType

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

comctl32

ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_Remove
ImageList_GetBkColor
ImageList_Write

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerInstallFileA

user32

GetCursorPos
GetCapture
CallNextHookEx
GetKeyboardState
SetWindowTextA
GetClassLongA
SetWindowsHookExA
CreatePopupMenu
GetParent
IsDialogMessageA
GetPropA
IsChild
GetIconInfo
ChildWindowFromPoint
GetCursor
GetLastActivePopup
RemoveMenu
GetWindowPlacement
RedrawWindow
MoveWindow
InsertMenuA
SendMessageW

kernel32

Sleep
VirtualAlloc
ResetEvent
GetFileSize
ExitProcess
GetModuleHandleA
SetHandleCount
DeleteCriticalSection
ExitThread
GetACP
GetVersionExA
GetProcAddress

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconA
SHGetFolderPathA
SHGetDesktopFolder
SHGetDiskFreeSpaceA

ole32

CoTaskMemFree
CoGetContextToken
StringFromIID
CreateOleAdviseHolder
WriteClassStm
CoRevokeClassObject
CoUninitialize
StgOpenStorage
CLSIDFromString

shlwapi

SHSetValueA
PathIsDirectoryA
SHDeleteValueA
SHQueryValueExA
SHStrDupA
PathIsContentTypeA
SHEnumValueA
SHQueryInfoKeyA
PathGetCharTypeA

advapi32

GetLengthSid

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 126KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 512B - Virtual size: 505B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1a7ca2d4d15271fd483cab889831675

Headers

File Characteristics

Imports

gdi32

oleaut32

comdlg32

comctl32

version

user32

kernel32

shell32

ole32

shlwapi

advapi32

Sections

.text Size: 28KB - Virtual size: 28KB

.edata Size: 512B - Virtual size: 444B

.idata Size: 126KB - Virtual size: 254KB

BSS Size: 512B - Virtual size: 505B

.tls Size: 1024B - Virtual size: 686B

.text
Size: 28KB - Virtual size: 28KB

.edata
Size: 512B - Virtual size: 444B

.idata
Size: 126KB - Virtual size: 254KB

BSS
Size: 512B - Virtual size: 505B

.tls
Size: 1024B - Virtual size: 686B