d5f1c71a5a8ed01016e985c62a6e2bea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5f1c71a5a8ed01016e985c62a6e2bea_JaffaCakes118
Size

296KB
MD5

d5f1c71a5a8ed01016e985c62a6e2bea
SHA1

090e38a3c5fb742b1da16a52e096444dc66dd280
SHA256

9ff2804f51e5215c62bcdf8d89d7391fb95580f6f7e574d9e389115d35ef8009
SHA512

84414525e0df982775f69fe64b88b367456453a01ee7b623df42d20eac180dfa4f83ecc338753addc86ac3c6c1da37d8dabd8d16b87b7657812fa5298217d4af
SSDEEP

6144:M3Gz05aJTwDPsASBidTghYe+wJujkXhhEDH2i:WGduE5BoevIYH9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5f1c71a5a8ed01016e985c62a6e2bea_JaffaCakes118

Files

d5f1c71a5a8ed01016e985c62a6e2bea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

917d541785e3af718b71178cbb713d36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCursorInfo
WritePrivateProfileStringW
IsBadReadPtr
GetLongPathNameA
lstrcmpiA
ReadConsoleOutputA
GetModuleFileNameW
GetPrivateProfileStringW
GetVolumeInformationW
SwitchToFiber
lstrcpyA
FillConsoleOutputCharacterA
PeekConsoleInputW
OpenFile
GetShortPathNameA
FreeLibrary
GetSystemDefaultLangID
SetCurrentDirectoryA
VirtualProtect
GlobalFindAtomW
VirtualFree
SetProcessAffinityMask
OpenMutexA
GetBinaryTypeW
GlobalGetAtomNameW
SetConsoleMode
IsBadWritePtr
GetCommandLineA
GetVersionExA
SetCommMask
UnmapViewOfFile
ExitProcess
VirtualLock

user32

GetMenuDefaultItem
ChangeDisplaySettingsW
CopyRect
SystemParametersInfoA
InSendMessage
GetParent
CloseWindowStation
GetProcessDefaultLayout
ReleaseDC

gdi32

GetSystemPaletteUse

comdlg32

FindTextA
GetSaveFileNameA

advapi32

CryptGetProvParam
AbortSystemShutdownW
RegQueryInfoKeyA
IsValidAcl
GetSecurityDescriptorSacl
QueryServiceStatus
RegConnectRegistryA
GetSecurityDescriptorLength
GetTokenInformation
RegCreateKeyExW
RegisterEventSourceA

shell32

SHFileOperationA
SHChangeNotify
ExtractIconA

ole32

OleCreateLink
OleBuildVersion
CoSwitchCallContext
CoDisconnectObject

oleaut32

LoadTypeLi
SafeArrayGetLBound
SysAllocStringLen
SafeArrayRedim
QueryPathOfRegTypeLi
SysFreeString

shlwapi

ChrCmpIW
UrlApplySchemeW
StrDupA
PathUndecorateW
SHRegCloseUSKey
PathCanonicalizeW
UrlIsW
StrFormatByteSizeW
SHDeleteKeyW
StrCmpLogicalW
SHCopyKeyW
PathRemoveArgsW

setupapi

SetupDiGetClassDevsExA
SetupDiDeleteDeviceInfo
SetupIterateCabinetW
SetupFindFirstLineW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupCloseFileQueue
SetupIterateCabinetA
SetupTermDefaultQueueCallback
SetupCommitFileQueueA

Sections

.text
Size: 272KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

917d541785e3af718b71178cbb713d36

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

setupapi

Sections

.text Size: 272KB - Virtual size: 269KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 16KB - Virtual size: 14KB

.text
Size: 272KB - Virtual size: 269KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 16KB - Virtual size: 14KB