de38c59c85417721facb597463a0dd0d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de38c59c85417721facb597463a0dd0d_JaffaCakes118
Size

144KB
MD5

de38c59c85417721facb597463a0dd0d
SHA1

ab7b8609c8bc8f578be82ca004c63640da8ade84
SHA256

ac896f96a8927458afc431c724f483a0efcdc68429409313e337d061f748b2c4
SHA512

3fb961412470e0966c2504fd6731c8d9ee5d87a2ea4b92b39de9f89a96b2a97878fa72aa5a0248c1be6de79fb5cc464f2a6a26f860e42b860779e7277893d7c6
SSDEEP

3072:TCcsK0dmFuwehx9yIDaMy2FT20i5Ujx5ABq:wCuwezWOS0Fk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de38c59c85417721facb597463a0dd0d_JaffaCakes118

Files

de38c59c85417721facb597463a0dd0d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

465c0bccf3b02379d7b6741be79c566a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GlobalUnlock
GetSystemTimeAsFileTime
GetStartupInfoA
GetVersion
SetHandleCount
FreeEnvironmentStringsA
CopyFileA
GetModuleHandleA
VirtualProtect
lstrlenA
GlobalLock

msvcrt

__getmainargs
_mbsicmp
strtol
memchr
_initterm
swscanf
__setusermatherr
time
exit
__p__fmode
__set_app_type
log
wcsrchr
_adjust_fdiv
_setjmp
_mktemp
_XcptFilter
_cexit
_CIsqrt
__p__commode
_except_handler3
_mbsrchr
_acmdln

user32

SetTimer
GetParent
SetCursor
RemoveMenu
GetCursorPos
GetMenu
GetMenuState

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerInstallFileW
VerLanguageNameA
VerQueryValueA
VerQueryValueW
GetFileVersionInfoA

gdi32

GetTextExtentPoint32A
GetTextFaceW

advapi32

LookupPrivilegeValueA
CheckTokenMembership
DeregisterEventSource
RegQueryValueA
CopySid
CryptAcquireContextA
LookupPrivilegeValueW

oleaut32

SafeArrayCreate
SysReAllocStringLen
SafeArrayRedim
SysStringByteLen
SysStringLen
VariantClear
SysAllocStringLen
VariantCopyInd
SafeArrayUnaccessData
SafeArrayGetElement
SetErrorInfo
SysAllocStringByteLen

ole32

OleSetClipboard
CoRevokeClassObject
CoTaskMemFree
CreateBindCtx

shell32

SHGetSpecialFolderPathW
SHBindToParent
SHBrowseForFolderA
ExtractIconA
SHAppBarMessage
SHGetSpecialFolderLocation
ShellExecuteExA
SHBrowseForFolderW
DragFinish

comctl32

ImageList_GetIcon
ImageList_LoadImageA
ImageList_AddMasked
InitCommonControls
ImageList_Draw
CreateStatusWindowA
PropertySheetA
CreatePropertySheetPageW
ImageList_Add
ImageList_DrawEx
ImageList_SetBkColor

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

465c0bccf3b02379d7b6741be79c566a

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

version

gdi32

advapi32

oleaut32

ole32

shell32

comctl32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 48KB - Virtual size: 47KB

.rsrc Size: 31KB - Virtual size: 30KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 31KB - Virtual size: 30KB