d6bcf07b580aac2a3381db93f99221f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6bcf07b580aac2a3381db93f99221f3_JaffaCakes118
Size

21KB
MD5

d6bcf07b580aac2a3381db93f99221f3
SHA1

f9cc747a84ed62fc0afec8fa9f480a44fa9c3809
SHA256

87d2c24cb2d1060a75babff05d3098239341507ad98ef7e37ae4cd56546e7f7d
SHA512

b1086e4270a7f4b68f38287fc11867a0a8b29dc86ad5ce2f860a76aa5f0082bb1aa271fb5bafc8bb9021d28de16bd257b729512b87d2c838d2590f820bd53fd1
SSDEEP

384:hmFjP+/9QEdOU1zZxU9iTM5ehnDJLLJda1kNXFH86eliTXliT0+ZIpNCLhQaBx64:Qz+/vdOe95I4DJfJA18XFc6e+Cqsx66p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6bcf07b580aac2a3381db93f99221f3_JaffaCakes118

Files

d6bcf07b580aac2a3381db93f99221f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d790af2195c2b0c385e71a80c2dc6de4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError

comctl32

ShowHideMenuCtl

user32

SystemParametersInfoW
GetClassInfoExW
GetMenuStringW
GetMenuItemInfoW
CharUpperW
SetPropW
EqualRect
IsChild
SetWindowPos
GetDlgItem
IntersectRect
GetSystemMetrics
ShowWindow
LoadMenuW
GetWindow

kernel32

LoadResource
GetShortPathNameW
SetFilePointer
GetFullPathNameW
SetEndOfFile
GlobalFree
GetLastError
CreateProcessW
CreateFileW
lstrcmpiW
VirtualAlloc
LockResource
TlsGetValue
GetSystemInfo
HeapAlloc
GetCurrentProcess
GetFileAttributesW
HeapReAlloc
EnterCriticalSection
DeleteFileW
FlushFileBuffers
GetFileSize
CloseHandle
HeapFree
LockFile
DuplicateHandle
lstrlenW
LeaveCriticalSection
GetUserDefaultLCID
GetVolumeInformationW
UnlockFile
WaitForSingleObject
WriteFile
FindResourceW
SetLastError
FormatMessageW
GetThreadLocale
GetProcessHeap
GetStringTypeExW
GlobalAlloc
GlobalReAlloc
lstrlenA
FindClose
lstrcpyA
GetCurrentProcessId
CreateEventW
LocalAlloc
GetModuleFileNameW
FindNextFileW
MoveFileW
GlobalSize
GlobalLock
GlobalUnlock
WideCharToMultiByte
MulDiv
GetFileAttributesA
CopyFileW
SizeofResource
ResetEvent
ReadFile
LoadLibraryA
Sleep
GetVersionExW

comdlg32

GetFileTitleW

advapi32

RegSetValueExW
RegCreateKeyA
RegDeleteValueW
RegSetValueW
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyW

shlwapi

PathIsUNCW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW

shell32

ExtractIconW
Shell_NotifyIconW
ShellExecuteW
SHGetFileInfoW

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

Sections

.data
Size: 13KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 475B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d790af2195c2b0c385e71a80c2dc6de4

Headers

File Characteristics

Imports

ws2_32

comctl32

user32

kernel32

comdlg32

advapi32

shlwapi

shell32

version

oleacc

Sections

.data Size: 13KB - Virtual size: 72KB

.reloc Size: 512B - Virtual size: 20B

.text Size: 512B - Virtual size: 475B

.rsrc Size: 2KB - Virtual size: 1KB

.rdata Size: 4KB - Virtual size: 3KB

.data
Size: 13KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 20B

.text
Size: 512B - Virtual size: 475B

.rsrc
Size: 2KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 3KB