Static task: static1
Behavioral task: behavioral1
Sample: eac1528ba6ef2a8d9d1498947b71c9c1_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: eac1528ba6ef2a8d9d1498947b71c9c1_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: eac1528ba6ef2a8d9d1498947b71c9c1_JaffaCakes118
Size: 110KB
MD5: eac1528ba6ef2a8d9d1498947b71c9c1
SHA1: 38d245d9c515e6f8e499c4d5aa0b3bff8afecaa4
SHA256: 52d9d9af6d2b9d3c0d11e8ba573973fc71b87e30a9dc6935f6af43eaa979899f
SHA512: 08df9ccb263a5cda89a19613a23652c5a67fed712104637fab5b0fc1c96040e87d57ccb8fca550aeec2d6844873176dbc6a651f9fe8b8511ce290ef2b2d84679
SSDEEP: 3072:z69aeFC7ydEl5+60UdOmsj2EH8vSXwOwYZ3d9LQbV4RQ:zfZWdEK60Udw/8kZ3dibVX
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eac1528ba6ef2a8d9d1498947b71c9c1_JaffaCakes118
Files
eac1528ba6ef2a8d9d1498947b71c9c1_JaffaCakes118.exe windows:4 windows x86 arch:x86
a248b16dc3e89ed1241a7c505430eec1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
user32
EqualRect
FrameRect
EnableMenuItem
GetMessageA
UnhookWindowsHookEx
GetSysColor
PostQuitMessage
SetWindowPos
GetScrollPos
GetSubMenu
SetWindowTextA
GetSysColorBrush
EnumWindows
kernel32
GetTimeZoneInformation
GetCurrentProcessId
GetTempPathA
RtlUnwind
GetStartupInfoA
QueryPerformanceCounter
GetFileAttributesA
FileTimeToSystemTime
GetTickCount
InterlockedExchange
SetUnhandledExceptionFilter
ExitProcess
VirtualAllocEx
GetThreadLocale
GetSystemTime
gdi32
SetViewportExtEx
CreateCompatibleBitmap
SelectClipPath
CreateICW
DPtoLP
ExcludeClipRect
GetMapMode
FillRgn
CopyEnhMetaFileA
ole32
CoInitializeSecurity
CoTaskMemRealloc
CoRevokeClassObject
OleRun
CoInitialize
DoDragDrop
StgOpenStorage
CoCreateInstance
StringFromGUID2
advapi32
GetSecurityDescriptorDacl
RegQueryValueExW
QueryServiceStatus
FreeSid
RegCreateKeyExW
RegCreateKeyA
AdjustTokenPrivileges
GetUserNameA
CryptHashData
CheckTokenMembership
msvcrt
_mbscmp
puts
_fdopen
_CIpow
strlen
strncpy
fflush
iswspace
raise
__getmainargs
__initenv
signal
strcspn
_strdup
fprintf
_lock
__setusermatherr
_flsbuf
comctl32
InitCommonControls
ImageList_Write
ImageList_SetIconSize
ImageList_Destroy
ImageList_LoadImageW
ImageList_GetIconSize
ImageList_LoadImageA
ImageList_ReplaceIcon
ImageList_GetBkColor
ImageList_GetIcon
ImageList_DrawEx
CreatePropertySheetPageA
ImageList_DragEnter
shell32
SHBrowseForFolderA
ExtractIconW
DoEnvironmentSubstW
ShellExecuteEx
DragAcceptFiles
CommandLineToArgvW
SHGetPathFromIDList
ShellExecuteW
ExtractIconExW
DragQueryFileA
DragQueryFileW
oleaut32
SysReAllocStringLen
SafeArrayGetUBound
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayRedim
VariantCopy
SafeArrayPutElement
SafeArrayCreate
Sections
.text Size: 33KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 35KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
gkgrenx Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE