Static task: static1
Behavioral task: behavioral1
Sample: f9bd07f848b0986351215eee57ec469b_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f9bd07f848b0986351215eee57ec469b_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: f9bd07f848b0986351215eee57ec469b_JaffaCakes118
Size: 2.0MB
MD5: f9bd07f848b0986351215eee57ec469b
SHA1: 460dc7c585f3af37644817d7844020f877e87cb0
SHA256: 526a99953378243782905c36ba56bf7824018ac632141a10979804b2f1bc549e
SHA512: 1cf192fe35f06ffa7cd433b95da41278b1ff66abdefa32ed2388d08954dc917b8bee16f09ac2016d30ddb8f670513bc8c862ce1ecf847a253c02c4a35ff924be
SSDEEP: 49152:aayohlcnPJ++66Uwds5OyPIpP06bXuLeM:aglcnywdQwh0kXhM
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: f9bd07f848b0986351215eee57ec469b_JaffaCakes118
Files
f9bd07f848b0986351215eee57ec469b_JaffaCakes118.exe windows:4 windows x86 arch:x86
be569c078e48ff9bf5677cf50a39bd11
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
LogonUserW
CryptSetKeyParam
SetEntriesInAclW
DuplicateToken
RegDeleteValueW
CreateProcessAsUserA
InitiateSystemShutdownW
InitializeSid
ReportEventW
GetTokenInformation
AbortSystemShutdownA
RegDeleteValueA
CreatePrivateObjectSecurity
DestroyPrivateObjectSecurity
CryptSetProvParam
MapGenericMask
GetSecurityDescriptorGroup
user32
HiliteMenuItem
NotifyWinEvent
AppendMenuW
DefDlgProcA
GetMenuItemID
CreateDesktopA
CreateWindowExW
CharPrevA
WindowFromDC
ShowWindow
LoadMenuIndirectA
BroadcastSystemMessageW
IntersectRect
DefFrameProcA
ModifyMenuA
ModifyMenuW
GetWindow
MessageBeep
PostQuitMessage
RegisterClipboardFormatW
LoadCursorFromFileW
EnableMenuItem
GetUserObjectInformationA
kernel32
SetCurrentDirectoryA
FormatMessageW
SetErrorMode
SetProcessAffinityMask
MoveFileW
CreateWaitableTimerA
EnumCalendarInfoA
CreateFileW
ReadConsoleInputW
OpenSemaphoreW
GetTempFileNameA
GetShortPathNameW
OpenFile
_lclose
GetDateFormatA
SetTimeZoneInformation
GetCurrentProcessId
VirtualLock
SetThreadPriorityBoost
ExitProcess
WritePrivateProfileSectionW
lstrcmpiA
CreatePipe
ScrollConsoleScreenBufferA
LocalReAlloc
GetThreadContext
CompareStringA
GlobalFindAtomW
FillConsoleOutputCharacterA
GetStringTypeExW
comdlg32
ReplaceTextW
ReplaceTextA
comctl32
ImageList_Add
ImageList_GetImageCount
ImageList_EndDrag
version
VerQueryValueA
ole32
GetClassFile
CoMarshalInterface
CoLockObjectExternal
CoUninitialize
oleaut32
SafeArrayCreate
VariantChangeType
msvcrt
clock
_wcsdup
_wsopen
wcsncmp
_ismbblead
_exit
_wchdir
ctime
fseek
_locking
_wspawnv
Sections
.text Size: 16KB - Virtual size: 233KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ