d6c34f945275da47fce9f49b484fc3f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6c34f945275da47fce9f49b484fc3f2_JaffaCakes118
Size

188KB
MD5

d6c34f945275da47fce9f49b484fc3f2
SHA1

89ccf7cbbd13313fb243b9eae569a08816c9fe85
SHA256

dcf0da28914f7b69ce916ae7d8e1d97503123529a8ccd09ea969c62edb632823
SHA512

c9b14299340e7cabfee3947d216a2d3d6d1dcf7d94c1a5595e66fb66670a5541e38219bc352878e8c917f4e80f6d333920e8323a0ccb8252fe0f973eba7bc0e2
SSDEEP

3072:zta7IjIAU85UV4WthBgW02068YCiZn7ik6RxOjpqPG7w:zaIjIQVWhZ0dYDnPCxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6c34f945275da47fce9f49b484fc3f2_JaffaCakes118

Files

d6c34f945275da47fce9f49b484fc3f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d21a9f880aec459942a2fe05df9b75b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

assoc2.pdb

Imports

gdi32

GetTextFaceW
GetCurrentObject

kernel32

lstrcmpW
GetThreadLocale
GetUserDefaultLangID
GetUserDefaultLCID
GetLastError
FreeConsole
GetDiskFreeSpaceA
GetProcAddress
GetDiskFreeSpaceW
LoadLibraryW
WritePrivateProfileStringA
GetConsoleScreenBufferInfo
GetSystemDefaultLCID
ReadFileScatter
DeleteTimerQueueTimer
CancelTimerQueueTimer
SetCommBreak
ExitThread
ExitProcess
RemoveDirectoryW
GetConsoleWindow

user32

GetClassNameA
ShowWindow
GetShellWindow

comctl32

FlatSB_GetScrollProp
ImageList_GetImageCount
ImageList_SetDragCursorImage
CreatePropertySheetPageA
InitializeFlatSB
ImageList_LoadImageA
ImageList_Copy
ImageList_LoadImageW
ImageList_GetDragImage
ImageList_DrawEx
ImageList_GetIconSize
ord15
ImageList_EndDrag
ImageList_Duplicate
PropertySheetW
ord17
ImageList_GetIcon
ImageList_SetImageCount
CreateStatusWindowW
PropertySheetA
ord6
ord5
ImageList_DragShowNolock
FlatSB_EnableScrollBar
FlatSB_GetScrollPos
FlatSB_ShowScrollBar

shlwapi

StrDupA
PathFindSuffixArrayA
PathGetCharTypeW
PathParseIconLocationA
StrCpyNW
StrIsIntlEqualA
PathCreateFromUrlW
StrCmpIW
StrRetToBufW
StrFormatKBSizeW
SHRegCreateUSKeyW
UrlIsOpaqueW
UrlHashA
PathRelativePathToA
PathRemoveExtensionA
UrlCompareW
SHCopyKeyW
PathFindSuffixArrayW
SHQueryValueExW
SHRegGetPathA
PathFindNextComponentW
AssocQueryStringW
StrFormatByteSizeA
ord515
PathCanonicalizeW
PathIsFileSpecA
PathSearchAndQualifyA
StrFormatKBSizeA
SHSetValueW
StrNCatA
StrStrNW
UrlEscapeW
PathUnquoteSpacesA

msvcrt

memset

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CDRPART
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d21a9f880aec459942a2fe05df9b75b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

comctl32

shlwapi

msvcrt

Sections

.text Size: 80KB - Virtual size: 76KB

CDRPART Size: 4KB - Virtual size: 2KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 11KB

.edata Size: 8KB - Virtual size: 4KB

CODE Size: 68KB - Virtual size: 67KB

.rsrc Size: 4KB - Virtual size: 704B

.text
Size: 80KB - Virtual size: 76KB

CDRPART
Size: 4KB - Virtual size: 2KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 11KB

.edata
Size: 8KB - Virtual size: 4KB

CODE
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 4KB - Virtual size: 704B