fca5157f26620ee69d4b116e6479bb07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fca5157f26620ee69d4b116e6479bb07_JaffaCakes118
Size

5.7MB
MD5

fca5157f26620ee69d4b116e6479bb07
SHA1

29803622086ab2203ad49f2d68b4dd5a9e1e1b47
SHA256

13e649667e2a3fce4abf464dbdda3dc530737e80beafd400a9e3688c854e2e7f
SHA512

e9ab288d915aafba350783d468e28a7c46819ceec547d196f8e085b9904a9d9b8387b050fff6fb9a73dbd61698b1a76bb6518d4e4078820ac40c7950a26ff9e6
SSDEEP

6144:INclhK2ZcgSI5CpcDVBb/idhtXSTU8EI7W3itehZsu+8:5lhdZcgS6DPb/i7tCPNW3hZsn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fca5157f26620ee69d4b116e6479bb07_JaffaCakes118

Files

fca5157f26620ee69d4b116e6479bb07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextCharacterExtra
GetEnhMetaFileDescriptionA

advapi32

IsValidAcl
CryptAcquireContextA
RegUnLoadKeyA
MapGenericMask
GetUserNameW
RegQueryValueW
RegSetValueA
OpenServiceA
CreateProcessAsUserA
OpenThreadToken
BuildTrusteeWithNameW
LookupPrivilegeDisplayNameA

shell32

DragFinish
FindExecutableA

kernel32

FlushFileBuffers
SuspendThread
GetSystemDefaultLangID
ExitProcess
IsProcessorFeaturePresent
EnumSystemCodePagesW
FindFirstFileExW
PulseEvent
WritePrivateProfileSectionW
GlobalFlags
SetHandleCount
FormatMessageA
VirtualLock
LocalFileTimeToFileTime
GenerateConsoleCtrlEvent
lstrcmpiA
WriteConsoleOutputW
SetVolumeLabelA

oleaut32

LoadTypeLibEx
SafeArrayCreate

user32

SetClipboardData
SetActiveWindow
GetWindowLongW
MapVirtualKeyA
SetScrollPos
OpenIcon
SetCursorPos
CharPrevA
RegisterClassExA
SystemParametersInfoA
GetCursorPos
GetClipboardFormatNameA
GetClipCursor
GetMessageW
EnumWindows
SetForegroundWindow
DefMDIChildProcW
BroadcastSystemMessageA
RegisterClassExW
DeleteMenu
CountClipboardFormats
SendMessageTimeoutW
SystemParametersInfoW
ValidateRect

ws2_32

WSAResetEvent
WSANtohs
accept
WSAIsBlocking
WSASetBlockingHook
recv
closesocket

comdlg32

ReplaceTextW
GetOpenFileNameA

msvcrt

signal
strncat
_strlwr
iswalpha
fputc
floor
getenv

Sections

.text
Size: 2KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

Imports

gdi32

advapi32

shell32

kernel32

oleaut32

user32

ws2_32

comdlg32

msvcrt

Sections

.text Size: 2KB - Virtual size: 223KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 223KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 17KB - Virtual size: 16KB