dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118
Size

80KB
MD5

dea87eabc78255f6e20cce1dc6014ca9
SHA1

eabe7a45ea9041fe9cf67eb3deb32cf675ac5c14
SHA256

8bc6a863e6776a888665ba4c2478aa12a3314d0f7f5d246fd8888ac42a65e041
SHA512

8b6218bcb2363c1dbda98545fd7cc6f1083331511f6940beb6598fc8e4bda1acaf55a958298eb97c32d9a4091313920c26c573a59e777d96afbcb9fb43f844ac
SSDEEP

1536:xw46dDI5yXhs1OvpUjUKb2BJbYGVFFW1Yeuj3gzbcposA:GNDAymkvpUjUKbKJbYGVFU1YfRT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118

Files

dea87eabc78255f6e20cce1dc6014ca9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e6b704453f4a7dd5fd5ad1044472b6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetSubMenu
UnhookWindowsHookEx
EnumWindows
FrameRect
SetWindowPos
SetWindowTextA
EnableMenuItem
GetMessageA
PostQuitMessage
EqualRect
GetSysColor
GetSysColorBrush
GetScrollPos

kernel32

GetOEMCP
GetFileAttributesA
ExitProcess
GetTickCount
GetTimeZoneInformation
GetStartupInfoA
InterlockedExchange
SetUnhandledExceptionFilter
GetACP
GetCurrentProcessId
GetTempPathA
VirtualAllocEx
FileTimeToSystemTime
RtlUnwind
GetThreadLocale
QueryPerformanceCounter

gdi32

GetMapMode
DPtoLP
CreateICW
CreateCompatibleBitmap
CopyEnhMetaFileA
FillRgn
SetViewportExtEx
SelectClipPath
ExcludeClipRect

ole32

CoInitializeSecurity
CoRevokeClassObject
StringFromGUID2
OleRun
CoCreateInstance
StgOpenStorage
CoTaskMemRealloc
CoInitialize
DoDragDrop

advapi32

GetUserNameA
RegCreateKeyA
CryptHashData
QueryServiceStatus
FreeSid
AdjustTokenPrivileges
RegCreateKeyExW
CheckTokenMembership
GetSecurityDescriptorDacl
RegQueryValueExW

msvcrt

fflush
strlen
__getmainargs
_strdup
strncpy
puts
_CIpow
__setusermatherr
signal
__initenv
fprintf
strcspn
_fdopen
_lock
_flsbuf
iswspace
_mbscmp
raise

comctl32

ImageList_DragEnter
ImageList_ReplaceIcon
InitCommonControls
ImageList_Destroy
CreatePropertySheetPageA
ImageList_SetIconSize
ImageList_LoadImageW
ImageList_LoadImageA
ImageList_Write
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetBkColor
ImageList_GetIcon

shell32

ShellExecuteEx
DoEnvironmentSubstW
SHBrowseForFolderA
SHGetPathFromIDList
DragQueryFileA
DragQueryFileW
CommandLineToArgvW
ExtractIconW
DragAcceptFiles
ExtractIconExW
ShellExecuteW

oleaut32

VariantCopy
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayRedim

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2e6b704453f4a7dd5fd5ad1044472b6f

Headers

File Characteristics

Imports

user32

kernel32

gdi32

ole32

advapi32

msvcrt

comctl32

shell32

oleaut32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 39KB - Virtual size: 38KB

.rsrc Size: 6KB - Virtual size: 34KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 39KB - Virtual size: 38KB

.rsrc
Size: 6KB - Virtual size: 34KB