ea4098d5356dd345bd3c8334ca3608bb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea4098d5356dd345bd3c8334ca3608bb_JaffaCakes118
Size

142KB
MD5

ea4098d5356dd345bd3c8334ca3608bb
SHA1

ef7b647405d3a135435c92edab9fa982ac83f5db
SHA256

218ab9762d284b7c85742268fd76e656254c84e92532036944f021a68ad78027
SHA512

51092ff7c5ba398f0740749d9963c640632028c4bf7680660a04fbacf86797749d8c47882472e4e45b4addc0c08a708fc482cba71695e0f37b2139b0c7d4df8c
SSDEEP

3072:+IboCU0fsxaH9y008im5Fj9xbYX3rRLQIzvFTuo9JpQx6SWNb:fjfKu0G8/4+Nb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea4098d5356dd345bd3c8334ca3608bb_JaffaCakes118

Files

ea4098d5356dd345bd3c8334ca3608bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

deec645edfe1bee39513f63a09a44123

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetCPInfo
GetStartupInfoW
GetStartupInfoA
LocalFree
RtlUnwind
GetVersion
GetExitCodeProcess
GlobalReAlloc
GetModuleHandleA
VirtualProtect
SystemTimeToFileTime
GetTempPathW

msvcrt

__getmainargs
__p__commode
_except_handler3
_utime
_XcptFilter
time
__setusermatherr
wcslen
_acmdln
_wcsnicmp
__set_app_type
_adjust_fdiv
__p__fmode
_initterm
log
exit
strpbrk
__CxxFrameHandler
sscanf
_CIpow

user32

GetMenuItemCount
BeginPaint
ReleaseDC
SetMenu
GetCursorPos
wsprintfA
GetCapture
GetClassInfoA
UnregisterClassA

gdi32

PtVisible
FillPath
ScaleWindowExtEx
SelectPalette
GetDIBColorTable
StrokeAndFillPath
GetStretchBltMode
RectVisible

oleaut32

SetErrorInfo
SafeArrayPutElement
SysAllocStringByteLen
SysReAllocStringLen
SysFreeString
LoadTypeLib
CreateErrorInfo
SafeArrayRedim
SysStringLen
GetActiveObject

version

GetFileVersionInfoA
VerFindFileW
VerQueryValueW
GetFileVersionInfoSizeA
VerInstallFileA
GetFileVersionInfoSizeW

ole32

OleFlushClipboard
OleUninitialize
CLSIDFromProgID
DoDragDrop
StringFromGUID2
StringFromCLSID
CoInitialize

advapi32

IsValidSid
CryptHashData
InitiateSystemShutdownA
RegOpenKeyA
OpenServiceA
CryptReleaseContext
RegCloseKey
OpenSCManagerA
RegDeleteValueW
RegSetValueExW

comctl32

InitCommonControlsEx
DestroyPropertySheetPage
PropertySheetA
ImageList_GetBkColor
ImageList_LoadImageA
ImageList_SetImageCount
ImageList_GetIcon
ImageList_Add

shell32

SHGetFolderLocation
ShellExecuteEx
ExtractAssociatedIconW
SHGetFileInfoA
SHAppBarMessage
SHBrowseForFolderA
SHCreateDirectoryExW
CommandLineToArgvW
ExtractIconA
SHGetSettings
DragQueryFile

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deec645edfe1bee39513f63a09a44123

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

oleaut32

version

ole32

advapi32

comctl32

shell32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 48KB - Virtual size: 47KB

.rsrc Size: 29KB - Virtual size: 29KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 29KB - Virtual size: 29KB