ff001b7741fa8586431b6ae9a0507d4f_JaffaCakes118

General

Target

ff001b7741fa8586431b6ae9a0507d4f_JaffaCakes118
Size

437KB
MD5

ff001b7741fa8586431b6ae9a0507d4f
SHA1

9e71912225a425445925e022f577732162403a5e
SHA256

b46c76934bca99fd28e83db68f789f148eb5924499b29fa5bbd1ee798e0ba493
SHA512

55e4588f3090c741b4765fc6cf85b2b86265550908b798eed1f7a5e5c25a10c5bfde4bbf54a6d4abaeeb3babb9c9dd044565b149f5597b65ae5b3e556193cdcd
SSDEEP

6144:IQJbgig555PMdK7SzCobCHkK6GdcAxcK35FrdNV5AfQOTxQ7yrfeh53NyUX45D3o:hb0Md4oWeA1JFrdNfAfQJVyk2jo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff001b7741fa8586431b6ae9a0507d4f_JaffaCakes118

Files

ff001b7741fa8586431b6ae9a0507d4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

952574e28f841b31f6f76e72d4b7e072

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

FindExecutableW
FreeIconList
ExtractAssociatedIconExW
ExtractAssociatedIconExA
SHQueryRecycleBinA
SHBrowseForFolderA
SHUpdateRecycleBinIcon
RealShellExecuteExW
SHGetNewLinkInfo
SheSetCurDrive
DragQueryFileAorW

gdi32

CopyEnhMetaFileW
OffsetClipRgn
GetColorSpace
GetCharWidthFloatA
GetAspectRatioFilterEx
GetBkColor
CheckColorsInGamut
GetViewportExtEx
GetICMProfileW
GetEnhMetaFileBits
GetCharABCWidthsFloatW
EqualRgn
DescribePixelFormat

advapi32

CryptAcquireContextW
StartServiceA
RegCreateKeyExW
CryptVerifySignatureA
CreateServiceW
RegDeleteValueW
LookupAccountNameA
CryptGetDefaultProviderA
CryptContextAddRef
RegDeleteKeyW
CryptGetUserKey
GetUserNameA

comdlg32

FindTextA
ChooseColorW
GetOpenFileNameW
GetFileTitleA
GetFileTitleW
ChooseFontW
ChooseColorA
ReplaceTextA

kernel32

GlobalGetAtomNameA
TerminateProcess
MoveFileExW
RtlUnwind
DuplicateHandle
HeapAlloc
GetVolumeInformationA
GetSystemTimeAsFileTime
LoadLibraryA
VirtualAlloc
GetCurrentThreadId
CreateDirectoryExA
GetCommandLineA
FindResourceW
GetProcAddress
HeapFree
VirtualQuery
InterlockedExchange
GetModuleHandleA
HeapReAlloc
ExitProcess
GetTickCount
VirtualUnlock
GetCurrentProcessId
lstrcmpW
GetModuleFileNameA
GetCurrentProcess
ResetEvent
QueryPerformanceCounter

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

952574e28f841b31f6f76e72d4b7e072

Headers

File Characteristics

Imports

shell32

gdi32

advapi32

comdlg32

kernel32

Sections

.text Size: 155KB - Virtual size: 155KB

.data Size: 267KB - Virtual size: 266KB

.rsrc Size: 14KB - Virtual size: 13KB

.text
Size: 155KB - Virtual size: 155KB

.data
Size: 267KB - Virtual size: 266KB

.rsrc
Size: 14KB - Virtual size: 13KB