Static task: static1
Behavioral task: behavioral1
  Sample: 010b19aac7a6319c558d422cf73eba59_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 010b19aac7a6319c558d422cf73eba59_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 010b19aac7a6319c558d422cf73eba59_JaffaCakes118
Size: 643KB
MD5: 010b19aac7a6319c558d422cf73eba59
SHA1: a18893c160ddfd18596451e0a1ea40a3d6b87fea
SHA256: de59fd2c879c94cf6a748f33bb0c7f0ec4066ed162cccfb23f90a9cfb2fcf9aa
SHA512: 1f1ef7dfd7abdfefb55d42ce4d87800be67749d8513b60373b83bcbc1cc739e519660c072dd40d79471dfb3f52947e83d24d150296fac18663d65b05372be993
SSDEEP: 6144:HqDRlRtK03Kr79fGIk0IvoaK1f7W8DM+UAMBhPzptzU2aCP5y/x:HYRlRkOa7pG0rPbDwhrnzBaCBc
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 010b19aac7a6319c558d422cf73eba59_JaffaCakes118
Files
010b19aac7a6319c558d422cf73eba59_JaffaCakes118.exe windows:4 windows x86 arch:x86
245459f8c8d0d896355a0795220fa664
Headers
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: FindFirstFileW, GetPrivateProfileSectionW, CreateDirectoryA, LoadLibraryExA, SetVolumeLabelA, GetProfileIntA, ReadConsoleOutputA, GetVersion, ReadDirectoryChangesW, GetComputerNameW, CompareStringW, GetModuleFileNameW, OpenMutexA, LoadResource, _lopen, SetThreadPriorityBoost, SetEndOfFile, ExitProcess, GlobalReAlloc, ReleaseMutex, IsDBCSLeadByteEx, LocalLock, CreateEventA, SetSystemTime, MoveFileW, GetProcessHeap, GetACP, GetSystemTimeAdjustment, GetOEMCP, SetThreadLocale
gdi32: EndDoc, GetRgnBox, PathToRegion, SetBitmapDimensionEx, SetPixelFormat, GetClipRgn
comdlg32: ReplaceTextA, GetOpenFileNameW
ole32: OleSetMenuDescriptor, CoRegisterMallocSpy, OleSaveToStream, CoLockObjectExternal
ws2_32: WSAConnect, gethostbyaddr, ntohl, getservbyname, WSAGetServiceClassInfoW, select, WSALookupServiceNextW, WSAAccept, WSASetBlockingHook, WSASetLastError
shell32: SHGetPathFromIDListA, SHAddToRecentDocs, SHGetSpecialFolderLocation, ShellExecuteA
user32: SystemParametersInfoW, SendDlgItemMessageA, IsDialogMessageW, MapVirtualKeyExW, GetClassNameA, IsCharLowerW, SetParent, CloseClipboard, ChangeMenuA, GetMessageExtraInfo, LoadKeyboardLayoutA, EmptyClipboard
advapi32: CryptExportKey, OpenEventLogW, OpenSCManagerW, NotifyBootConfigStatus, QueryServiceConfigA, AllocateAndInitializeSid, InitiateSystemShutdownA, GetSidLengthRequired, AccessCheckAndAuditAlarmW, SetTokenInformation, LookupPrivilegeDisplayNameA, ControlService, MakeSelfRelativeSD, RegEnumValueA, CryptReleaseContext
msvcrt: wcslen, fputc, _ismbblead, remove, _spawnlp, _open, iswprint, _stricmp, strncmp, strtod, _strnicmp, wcscpy, abort, swscanf, setbuf, _write, wcstombs, isupper, iswxdigit, _wstrtime, _mbsicmp, _wopen, __doserrno, _ltow, ceil, __p___argc, putchar
Sections
.text   Size: 304KB - Virtual size: 304KB - IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 3KB - Virtual size: 2KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 323KB - Virtual size: 323KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 10KB - Virtual size: 9KB - IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ