ea0f549dc60732ad5b8ea2ed986d8937_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea0f549dc60732ad5b8ea2ed986d8937_JaffaCakes118
Size

3.8MB
MD5

ea0f549dc60732ad5b8ea2ed986d8937
SHA1

e7808911aeb1a856f3d035c9ace433781f34656f
SHA256

fd244531b55b5b5518d4c54c2b923e1aaa70b3dbf0b8d6595e1ffa2ef2486d02
SHA512

b94b7f3681b61aefec6c02e2794ad59edcb32f8d7a361c6158d3e18551cd878525e9bb5a65d140efbe3282ebbff0cf57ddca82f74eaf2663b3c51b415b1604cd
SSDEEP

98304:gMe709Tb/C3cmgCMFP1nflFzVGXjnFjGIzQaDkWG0:G0F+37vMptfHzVMTFjga4W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea0f549dc60732ad5b8ea2ed986d8937_JaffaCakes118

Files

ea0f549dc60732ad5b8ea2ed986d8937_JaffaCakes118
.exe windows:4 windows x86 arch:x86

753e3503712309e3b6d46f6b5cce7377

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetObjectA
GetPolyFillMode
SetMapMode
CreateEllipticRgnIndirect
GetCurrentPositionEx
StartDocA

kernel32

SetConsoleTitleA
WritePrivateProfileStringA
GetSystemDefaultLangID
ExitProcess
QueryDosDeviceA
GetDriveTypeA
SetConsoleCursorPosition
EnumDateFormatsW
ExpandEnvironmentStringsW
GlobalAddAtomW
UnhandledExceptionFilter
lstrcpynA

shell32

SHGetSettings
SHGetSpecialFolderLocation

ole32

CoCreateInstanceEx
CoLockObjectExternal

oleaut32

VariantChangeType
LoadTypeLibEx

user32

SetMenuInfo
CheckDlgButton
EndPaint
DestroyWindow
UnregisterDeviceNotification
EnumDisplaySettingsExW
PostQuitMessage
GetKeyNameTextA
SetWindowsHookExW
SetSysColors
EndDeferWindowPos
GetWindowTextW
RemovePropW
EnumWindowStationsA
ToAscii
IsMenu
IsCharAlphaA
DefDlgProcW
UnionRect
GetKeyboardLayout
CharToOemBuffA
SetProcessDefaultLayout
CharLowerW
GetCaretBlinkTime

ws2_32

sendto
WSANtohs
WSAAccept
WSADuplicateSocketA
WSAEnumProtocolsA
WSAAsyncGetServByName

version

VerInstallFileA

comctl32

ImageList_SetImageCount
ImageList_Destroy
_TrackMouseEvent

advapi32

LookupPrivilegeNameA
GetPrivateObjectSecurity
CryptGetHashParam
OpenServiceA
SetNamedSecurityInfoA
RegUnLoadKeyA
SetKernelObjectSecurity

Sections

.text
Size: 2KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

753e3503712309e3b6d46f6b5cce7377

Headers

File Characteristics

Imports

gdi32

kernel32

shell32

ole32

oleaut32

user32

ws2_32

version

comctl32

advapi32

Sections

.text Size: 2KB - Virtual size: 220KB

.text Size: 512B - Virtual size: 6B

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3.5MB - Virtual size: 3.5MB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 2KB - Virtual size: 220KB

.text
Size: 512B - Virtual size: 6B

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3.5MB - Virtual size: 3.5MB

.rsrc
Size: 19KB - Virtual size: 18KB