eafa2eb59c85898d6f4cf803903521e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eafa2eb59c85898d6f4cf803903521e0_JaffaCakes118
Size

119KB
MD5

eafa2eb59c85898d6f4cf803903521e0
SHA1

c8c3cb0ac4d398b46d29899154be2f133873b894
SHA256

fd0268c43ef8ba60b2b389630d5a5c9dbac3ae2bd1b1a8be9c72a1affcb35402
SHA512

1b65b0bece3b43e3fb53451509cdd1034ac89e3c3ecbff5e8c5c9d5042a36380cf72381dd436b62695468b337f4f1dd340f336e064c4fa22779a635608b43bde
SSDEEP

3072:l4vHPiAdpu9q4+V4Z05zYhPKG/aP2nxRS:CfqAdpuQ4+4a5zaCG/aPWxR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eafa2eb59c85898d6f4cf803903521e0_JaffaCakes118

Files

eafa2eb59c85898d6f4cf803903521e0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d270d3f30cf2cb1a5db1dbf4535d96e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_errno
__setusermatherr
_except_handler3
_exit
exit
__getmainargs
__dllonexit
malloc
abort
remove
strcpy
__p__commode
fwrite
printf
_acmdln
__set_app_type
free
strcmp
fclose
_iob
_initterm
getenv
__p__fmode
memmove
fopen
fflush
fread
_adjust_fdiv
_onexit
_XcptFilter
strlen
fseek
_setmode

kernel32

WriteConsoleA
GetDiskFreeSpaceA
LoadLibraryA
GetModuleHandleW
SetFilePointer
LocalFileTimeToFileTime
DeviceIoControl
SetHandleCount
GetProcAddress

comctl32

ImageList_DragShowNolock
ImageList_SetImageCount
ImageList_Replace
ImageList_GetImageCount
ImageList_SetIconSize
PropertySheetW
ImageList_AddMasked
InitCommonControls
ImageList_BeginDrag
ImageList_SetBkColor

shell32

SHFileOperationA
SHGetPathFromIDListA
SHGetSettings
SHBindToParent
SHCreateDirectoryExA
SHGetPathFromIDList
ExtractIconExA
ShellExecuteEx
SHGetSpecialFolderPathA
SHGetFileInfoA
DragQueryFile
SHGetSpecialFolderPathW
FindExecutableW
ExtractAssociatedIconW

gdi32

GetWindowExtEx
DPtoLP
CreatePatternBrush
GetDIBColorTable
TextOutW
CreateSolidBrush
TextOutA
CreateFontIndirectW
CreateDIBitmap

ole32

CoRegisterClassObject
ReleaseStgMedium
CoLoadLibrary
CLSIDFromProgID
IIDFromString
DoDragDrop
CLSIDFromString
OleRun
GetRunningObjectTable
OleIsCurrentClipboard
CoRegisterMessageFilter
CoInitializeSecurity
OleSetClipboard

user32

LoadIconA
GetDlgItem
InsertMenuA
FillRect
PostMessageA
DrawIcon
ReleaseDC
OffsetRect

oleaut32

SafeArrayGetUBound
SafeArrayCreate
GetErrorInfo
SysStringByteLen
LoadTypeLib
VariantCopy
SafeArrayRedim
SafeArrayPtrOfIndex
SafeArrayPutElement

advapi32

OpenSCManagerW
RegEnumKeyExA
RegEnumValueW
RegEnumKeyA
CheckTokenMembership
RegQueryInfoKeyA
GetUserNameA
RegQueryInfoKeyW
GetLengthSid
RegQueryValueExW
FreeSid
RevertToSelf

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d270d3f30cf2cb1a5db1dbf4535d96e3

Headers

File Characteristics

Imports

msvcrt

kernel32

comctl32

shell32

gdi32

ole32

user32

oleaut32

advapi32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 48KB - Virtual size: 60KB

.rsrc Size: 65KB - Virtual size: 64KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 48KB - Virtual size: 60KB

.rsrc
Size: 65KB - Virtual size: 64KB