fe0679755408fb122f442d9ebaa6e099_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fe0679755408fb122f442d9ebaa6e099_JaffaCakes118
Size

223KB
MD5

fe0679755408fb122f442d9ebaa6e099
SHA1

ece8ed2aea49b3b4aa282c26854984c634255a93
SHA256

85af45a84d21d5ba2c385e3da1da415a40c1fec29d34d52e8e89c265a899dfb2
SHA512

6ee2036dca642451f9aa326b492f240f4752bf989a2944288a10f244fd587d23b6c4aa5db81d5d175201e3f59f04cd0c76bc26550e42014f1a98b581fbe99544
SSDEEP

3072:moUEY4N0zvqgVCpb0xogy1KAG9+xtPAN5VW2GabLBpJO9fHAP6JmDdbmHBcb:mL18pcogyQAG93bLrJAvbJQdKBcb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe0679755408fb122f442d9ebaa6e099_JaffaCakes118

Files

fe0679755408fb122f442d9ebaa6e099_JaffaCakes118
.exe windows:5 windows x86 arch:x86

75a7988bbfab871de0eba12689c95277

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear
VariantInit
SafeArrayPtrOfIndex
VariantChangeType
SafeArrayGetLBound
VariantCopy
SafeArrayCreate
SafeArrayGetUBound

kernel32

WinExec
GetProcessVersion
DisconnectNamedPipe
GetCommandLineW
GetModuleHandleA
GetThreadLocale
lstrlenA
GetTempPathA
CopyFileW
WideCharToMultiByte
SetCurrentDirectoryW
InterlockedIncrement
SetLastError
GetFileAttributesW
SetFilePointer
SetLocaleInfoA
WriteFile
InterlockedDecrement
HeapAlloc
LocalLock
MultiByteToWideChar
GlobalAlloc
RaiseException
VirtualQueryEx
SuspendThread
DebugBreak
CloseHandle
RemoveDirectoryA
GetPrivateProfileIntW
DeleteFileW
GetFileAttributesA
CreateDirectoryW
GetFileSize
lstrlenW
CreateSemaphoreA
CreateFileA
GetProcessHeap
GlobalFindAtomA
LocalAlloc
SetThreadPriority
IsBadCodePtr
GetWindowsDirectoryW
GetVersion
GetThreadPriority
IsValidLocale
HeapFree
FreeLibrary
ReleaseMutex
IsWow64Process
GetTimeFormatW
ReadFile
GetDateFormatA
LocalReAlloc
FormatMessageW
CreateFileA
GetDateFormatW
WriteFile
GetProcAddress
CreateProcessW
GetVolumeInformationW
ExpandEnvironmentStringsW
GetModuleFileNameA
GlobalFree
LocalFree
SetLocalTime
GetTempPathA
GetFullPathNameW
GetStartupInfoA
GetFileTime
GetModuleFileNameW
OpenEventA
GetPrivateProfileSectionW
FlushFileBuffers
GetFileSize
GetTempFileNameA
DeleteFileA
MoveFileA
lstrcmpiW
GetPrivateProfileStringW
OpenEventW
lstrcmpW
GetCurrentProcess
WaitForSingleObject
SetEvent
GetSystemDirectoryW
GlobalAddAtomW

shlwapi

AssocQueryStringW
wnsprintfA
wnsprintfW
wvnsprintfA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
SHGetFileInfoW
ShellExecuteExA
ExtractIconExA
SHGetSpecialFolderPathW

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

ole32

CoUninitialize
CoSetProxyBlanket
CoTaskMemFree
CoQueryProxyBlanket
CoCreateInstance
CoInitialize

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75a7988bbfab871de0eba12689c95277

Headers

File Characteristics

Imports

oleaut32

kernel32

shlwapi

shell32

rpcrt4

ole32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 5KB - Virtual size: 5KB

.rdata Size: 192KB - Virtual size: 211KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 192KB - Virtual size: 211KB