fbad71ff1a230172636387f09acc9527_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbad71ff1a230172636387f09acc9527_JaffaCakes118
Size

102KB
MD5

fbad71ff1a230172636387f09acc9527
SHA1

efa96c42aa21e4af689f77e3479d82b2f2da46a0
SHA256

2b7dd061519fe09fb35bca931bd26cdac45cb99ce667a204103eca500722c72c
SHA512

16623c01b18834f302ce916f644afbc48170e3aa21b14b1577af1bfb2a9266b94f822c90961cc927c94ae43abc3ac126fd53262c6d69bc8402df8c5a30f5c938
SSDEEP

3072:C7apxHjQFQoaArEPqvgLrUMMnMMMMMX7I7Da:C7usFhH2qvgLQMMnMMMMMa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbad71ff1a230172636387f09acc9527_JaffaCakes118

Files

fbad71ff1a230172636387f09acc9527_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e108d6173849bbdeb95f88f905ff37ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCatBuffW
StrCatBuffA
StrCpyNW
wnsprintfA

user32

SetFocus
GetDC
LoadCursorA
DialogBoxParamA
SetWindowLongA
LoadBitmapA
LoadStringA
CallMsgFilterA
SendMessageW
DialogBoxParamW
GetParent
SetDlgItemTextA
GetDlgItemTextA
SetCursor
EndDialog
GetSysColor
SendDlgItemMessageA
CreateWindowExW
WinHelpA
SendMessageA
MessageBeep
DialogBoxIndirectParamA
ReleaseDC
ShowWindow
GetWindowRect
EnableWindow
GetDlgItem
LoadImageA
DialogBoxIndirectParamW

shell32

ShellExecuteA

kernel32

VirtualAlloc
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThreadId
WinExec
GetCurrentProcessId
EnterCriticalSection
GetDateFormatA
ExitProcess
GetLastError
HeapAlloc
DeleteCriticalSection
TerminateProcess
CompareFileTime
InterlockedCompareExchange
SetProcessWorkingSetSize
LeaveCriticalSection
HeapFree
SetUnhandledExceptionFilter
lstrcmpiA
lstrlenW
GetCommandLineA
InitializeCriticalSection
UnhandledExceptionFilter
FileTimeToSystemTime
HeapReAlloc

wintrust

WintrustAddActionID
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WintrustRemoveActionID
WTHelperCertIsSelfSigned

gdi32

SelectObject
GetTextExtentPointW
GetTextMetricsA
GetTextExtentPointA
GetTextMetricsW
DeleteObject

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e108d6173849bbdeb95f88f905ff37ce

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

shell32

kernel32

wintrust

gdi32

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 15KB - Virtual size: 328KB

.rdata Size: 56KB - Virtual size: 55KB

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 24B

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 15KB - Virtual size: 328KB

.rdata
Size: 56KB - Virtual size: 55KB

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 24B

.rsrc
Size: 24KB - Virtual size: 24KB