d483917950ea65100de496e373ff679b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d483917950ea65100de496e373ff679b_JaffaCakes118
Size

137KB
MD5

d483917950ea65100de496e373ff679b
SHA1

03bece824a732db71a7d8da65de4b6baf5237c58
SHA256

2d0ca82c475b3c68f546178c8f2a70cedf2681df98ee57ec548388eac759cddf
SHA512

51077c31342af97fa4510a6dbd70b84b0a61d11631e042b7398a9d2932cf246dd88649e3b88a3ef7b574652440039de43d8d141a1f7410341935c7ce983e7055
SSDEEP

3072:5/UCiH8YMaqJxOeh/pbc+fmMJ7Jp8vdmaXZAeTKo/EN7TF/UKCzCCiVE8:5/FbrRh/pbNBffaXCeTKc4UKCE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d483917950ea65100de496e373ff679b_JaffaCakes118

Files

d483917950ea65100de496e373ff679b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7a0c6ee60e0d1300210edfb70416fb4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_XcptFilter
__set_app_type
_acmdln
__p__commode
_dup
_CIsqrt
_except_handler3
__p__fmode
fsetpos
_controlfp
free
_pipe
exit
_adjust_fdiv
remove
_fullpath
__getmainargs
realloc
_mkdir
iswctype
_initterm
__setusermatherr
longjmp
bsearch
log10

kernel32

CreateFileMappingA
VirtualProtect
GetStartupInfoA
GetModuleHandleA
GetFileAttributesA
lstrlenW
GetLocaleInfoW
GetExitCodeProcess

user32

IsChild
SetActiveWindow
GetKeyState
DestroyIcon
FindWindowA
GetCursorPos
GetMenuItemCount
ReleaseCapture
RemoveMenu
GetForegroundWindow
IsWindowEnabled
SetCursor
ShowCursor
ScrollWindow

shell32

SHGetSettings
SHBindToParent
CommandLineToArgvW
DragQueryFile
DragQueryFileW
SHGetSpecialFolderPathW
ExtractIconExW

advapi32

RegDeleteValueW
GetLengthSid
OpenProcessToken
LookupPrivilegeValueA
SetSecurityDescriptorOwner
RevertToSelf
RegEnumKeyExA
InitializeSecurityDescriptor
ControlService
RegCreateKeyA
RegEnumValueW

oleaut32

SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayPtrOfIndex
LoadTypeLib
VariantCopy
SysStringLen
VariantInit
SafeArrayGetUBound
GetErrorInfo
GetActiveObject

gdi32

FrameRgn
CreateBitmap
GetBitmapBits
GetDIBits
EnumFontFamiliesW
CreateDCA
BeginPath
PlayMetaFileRecord
GetTextColor
GetTextMetricsW

version

VerInstallFileW
GetFileVersionInfoA
VerQueryValueW
VerFindFileW
VerLanguageNameA
VerQueryValueA

ole32

StringFromGUID2
GetRunningObjectTable
CLSIDFromString
CoGetClassObject
CLSIDFromProgID
CoInitializeEx
RegisterDragDrop
OleUninitialize
CreateILockBytesOnHGlobal

comctl32

ImageList_DragEnter
ImageList_DragLeave
ImageList_Remove
ImageList_EndDrag
ImageList_Read

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d7a0c6ee60e0d1300210edfb70416fb4

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

shell32

advapi32

oleaut32

gdi32

version

ole32

comctl32

Sections

.text Size: 19KB - Virtual size: 19KB

.data Size: 17KB - Virtual size: 40KB

.rsrc Size: 99KB - Virtual size: 176KB

.text
Size: 19KB - Virtual size: 19KB

.data
Size: 17KB - Virtual size: 40KB

.rsrc
Size: 99KB - Virtual size: 176KB