db4b34cf527365a3c3b85193ec4e15b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db4b34cf527365a3c3b85193ec4e15b1_JaffaCakes118
Size

171KB
MD5

db4b34cf527365a3c3b85193ec4e15b1
SHA1

07bce5448086028fb990a598767b610de35bf39f
SHA256

49a73809f9a178e71eeba5fe297cfaed4925374d88d3d8651f30c72e04b85036
SHA512

92bf23121c9bc1694ef6a1d4c01754d5cbe1175f312407020a254080f4e694c5e9d5cd2ae7b833ecb5f0d508c7511ff595f8778c3e296ab4eeda8b9017a8a681
SSDEEP

3072:AcRsMmu3PfmmLGb/V7mzGxRiQH9MgWNFEQQeL4t6T5uVUHTBq0gtf+:A5MTPfmmLGbNizGxRkgWNFEbW4tGIaHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db4b34cf527365a3c3b85193ec4e15b1_JaffaCakes118

Files

db4b34cf527365a3c3b85193ec4e15b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5263dd5ef7f74bf7ded8e6d39d197903

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrDupW
PathIsUNCW
SHRegGetValueW
PathGetArgsW
PathSkipRootW
PathFindFileNameW

user32

GetPropW
GetClassNameW
GetWindowThreadProcessId
AllowSetForegroundWindow
GetGUIThreadInfo
GetForegroundWindow

gdiplus

GdipGetImageWidth
GdipDisposeImage

kernel32

lstrcmpiW
IsWow64Process
FindClose
WaitForSingleObject
LocalAlloc
WideCharToMultiByte
QueryDosDeviceW
MultiByteToWideChar
GetCalendarInfoW
lstrlenW
InterlockedCompareExchange
SetFileAttributesW
DuplicateHandle
OpenProcess
OutputDebugStringW
SearchPathW
QueryPerformanceCounter
GetCurrentProcess
CreateFileMappingW
OutputDebugStringA
GetProcAddress
VirtualProtect
InterlockedExchange
GetModuleFileNameW
SetLastError
GetFileAttributesW
LoadLibraryW
GetFileInformationByHandle
GetLogicalDriveStringsW
GetFileSizeEx
UnhandledExceptionFilter
GetModuleHandleA
EnterCriticalSection
EnumResourceNamesA
GetCurrentDirectoryW
EncodePointer
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
MapViewOfFile
GetProcessId
InitializeCriticalSection
Sleep
GetTickCount
GetModuleHandleW
LocalFree
GetLastError
GetCurrentThreadId
SetEnvironmentVariableW
ExitProcess
FindFirstFileW
CreateDirectoryW
FindNextFileW
VirtualQuery
UnmapViewOfFile
FreeLibrary
ReleaseMutex
CreateMutexW

ole32

CoGetDefaultContext
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoUninitialize
CoTaskMemFree

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
DecryptFileW
EncryptFileW
RegQueryInfoKeyW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyW
RegCloseKey

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5263dd5ef7f74bf7ded8e6d39d197903

Headers

File Characteristics

Imports

shlwapi

user32

gdiplus

kernel32

ole32

advapi32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 71KB - Virtual size: 71KB

.edata Size: 1024B - Virtual size: 96KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 71KB - Virtual size: 71KB

.edata
Size: 1024B - Virtual size: 96KB