dea2df5bc0d10dbfb635441252bb1230_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dea2df5bc0d10dbfb635441252bb1230_JaffaCakes118
Size

24KB
MD5

dea2df5bc0d10dbfb635441252bb1230
SHA1

10661c04f6f4fc5ac2fb351eeae6d5a0c0df1966
SHA256

bddeaf7f91cb379916183581269c36d2e3489c2f7a780495c988616685ae4249
SHA512

c7a31186853369acca82fcabf9eb9b40acc84bb5548f05b4b7b87e7262c880069c97b7151fce983ca3a76fac3ea49ecc12efd4a2272b54f4119431080a6b0094
SSDEEP

384:SA9upoYOZaQ8pdBPqHIEcy4ye86gkf6mFQn1HHL++JlQaQCXe8oLdAJsno:ncOp8pdBPZEcy4G93xr++JlQaQla

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dea2df5bc0d10dbfb635441252bb1230_JaffaCakes118

Files

dea2df5bc0d10dbfb635441252bb1230_JaffaCakes118
.exe windows:4 windows x86 arch:x86

781fea1f31d3fec7a3616ef082a90fc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_snwprintf
_initterm
fwrite
_vsnwprintf
wcscpy
free
_itow
wcslen
_local_unwind2
_onexit
wcsncmp
_strnicmp
_wcsicmp
_wtoi
strtol
swprintf
wcscmp
_adjust_fdiv
_iob
__dllonexit
_except_handler3
_ftol
wcsncpy
realloc

user32

LoadStringW
GetWindowRect
GetClientRect
MessageBoxA
TranslateMessage
GetSystemMetrics
EndDialog
EnableWindow
ReleaseDC
GetDC
ShowWindow
GetDlgItem

kernel32

OutputDebugStringW
SizeofResource
ExitProcess
IsValidCodePage
ExpandEnvironmentStringsA
lstrcatW
CreateProcessW
GetComputerNameW
DeviceIoControl
AddAtomW
GetCurrentDirectoryW
CreateFileMappingW
SetFileAttributesA
CreateMutexA
GetLastError
VirtualAlloc
CreateMutexW
GetCurrentProcess

shlwapi

SHFreeShared
GetAcceptLanguagesA
GetAcceptLanguagesW
StrCmpCA
SHCreateThread

shell32

DllGetVersion
GetFileNameFromBrowse
SHGetSetSettings
Shell_MergeMenus
DragFinish
DragAcceptFiles
SHChangeNotifyRegister
DllUnregisterServer
DAD_DragMove
DAD_DragEnterEx
IsNetDrive
DllRegisterServer
RestartDialog
DAD_DragLeave
DriveType
SHILCreateFromPath
Shell_GetCachedImageIndex
PickIconDlg
SHStartNetConnectionDialogW
DllInstall
DllGetClassObject
SHCoCreateInstance
Shell_GetImageLists
SHDefExtractIconW
DllCanUnloadNow
PathQualify
PifMgr_OpenProperties
IsLFNDrive
SHChangeNotifyDeregister

ole32

CoCopyProxy
CoCreateFreeThreadedMarshaler
CLSIDFromString
CLSIDFromOle1Class
CoCreateInstance
CoDisableCallCancellation
CLIPFORMAT_UserUnmarshal
CoCreateInstanceEx
CLIPFORMAT_UserSize
BindMoniker
CoAllowSetForegroundWindow
OleGetClipboard
CLIPFORMAT_UserMarshal
OleSetClipboard
CLIPFORMAT_UserFree
CoCreateGuid
WriteFmtUserTypeStg
CLSIDFromProgIDEx
CoCreateObjectInContext
CoDeactivateObject

ws2_32

accept
connect
send
WSAStartup
recv
WSACleanup
socket

rsaenh

CPDestroyKey
DllUnregisterServer
CPSetProvParam
CPEncrypt
CPSetKeyParam
CPVerifySignature
CPGetHashParam
CPDeriveKey
CPGetKeyParam
CPHashData
CPSetHashParam
CPSignHash
CPDuplicateKey
CPCreateHash
CPReleaseContext
CPExportKey
CPGetProvParam
CPGenKey
CPGenRandom
CPImportKey
CPDestroyHash
CPDecrypt
CPDuplicateHash
CPGetUserKey
CPHashSessionKey

oleaut32

SafeArrayGetUBound
SysStringLen
VariantChangeType
RegisterTypeLib
SysAllocStringByteLen
SysAllocStringLen
SysReAllocStringLen
GetErrorInfo
SetErrorInfo
VariantClear
VariantCopyInd
OleLoadPicture
SafeArrayUnaccessData
VariantCopy
SafeArrayGetLBound
CreateErrorInfo
VariantChangeTypeEx
SysStringByteLen
SafeArrayPutElement
GetActiveObject
SafeArrayGetElement
LoadTypeLibEx
SafeArrayCreate
SysFreeString
LoadTypeLib
SafeArrayPtrOfIndex
SafeArrayAccessData

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExW
OpenThreadToken
RegCloseKey
InitializeSecurityDescriptor
RegEnumKeyExA
FreeSid
CloseServiceHandle
GetTokenInformation
RegOpenKeyExA
RegCreateKeyExW
RegSetValueExW
RegDeleteValueA
RegEnumValueW
RegDeleteKeyA
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
AllocateAndInitializeSid
RegQueryValueExA
RegQueryInfoKeyW
RegDeleteKeyW
OpenProcessToken

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW

Sections

.reloc
Size: 1024B - Virtual size: 878B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

781fea1f31d3fec7a3616ef082a90fc3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

kernel32

shlwapi

shell32

ole32

ws2_32

rsaenh

oleaut32

advapi32

version

Sections

.reloc Size: 1024B - Virtual size: 878B

.rsrc Size: 10KB - Virtual size: 9KB

.idata Size: 9KB - Virtual size: 9KB

.data Size: 1KB - Virtual size: 35KB

.text Size: 1024B - Virtual size: 674B

.reloc
Size: 1024B - Virtual size: 878B

.rsrc
Size: 10KB - Virtual size: 9KB

.idata
Size: 9KB - Virtual size: 9KB

.data
Size: 1KB - Virtual size: 35KB

.text
Size: 1024B - Virtual size: 674B