Static task: static1
Behavioral task: behavioral1
Sample: 01efbca2241ba6d82354a73f02ec6049_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 01efbca2241ba6d82354a73f02ec6049_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 01efbca2241ba6d82354a73f02ec6049_JaffaCakes118
Size: 813KB
MD5: 01efbca2241ba6d82354a73f02ec6049
SHA1: df19340573f880a73add332033e554e1bed359fe
SHA256: 1e48426f299d9d82ebd5d1c239ddefb4ef7ca7be4405636cf907f453f9fb20f2
SHA512: d610ea8d29f0408bdcc9efb62cf493b2c345d0d23e450b146b9f697af12f948111a8640e245a1b38e92f98f74c93c36b2d860b1d4351b5a84a144b3a35c9b9c6
SSDEEP: 24576:7zghZ8N9Ifsk+Ke08K6Wvf8e2IBROh/0Kr0:7C8X0Fm7G0is/r0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 01efbca2241ba6d82354a73f02ec6049_JaffaCakes118
Files
01efbca2241ba6d82354a73f02ec6049_JaffaCakes118.exe windows:4 windows x86 arch:x86
5bdb1201a767716aa0f8cdc52ca91698
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
CLSIDFromOle1Class
CLIPFORMAT_UserFree
BindMoniker
PropVariantChangeType
user32
TranslateMessage
DestroyIcon
SendMessageA
SetWindowPos
DefWindowProcA
InvalidateRect
GetFocus
CreateWindowExA
GetDesktopWindow
MessageBoxA
SetWindowLongA
UpdateWindow
MoveWindow
GetWindowLongW
SendMessageW
SetWindowTextW
GetWindowRect
LoadStringW
GetClientRect
GetDlgItem
GetSystemMetrics
GetDC
ReleaseDC
ShowWindow
EndDialog
advapi32
CopySid
ImpersonateLoggedOnUser
GetSidIdentifierAuthority
UnregisterTraceGuids
SetSecurityDescriptorDacl
CryptDestroyHash
RegFlushKey
RegisterEventSourceW
RegQueryValueExA
RegCreateKeyW
SetServiceStatus
RegSetValueExA
RegDeleteKeyW
BuildTrusteeWithObjectsAndNameA
RegSetValueExW
BuildExplicitAccessWithNameA
RegDeleteValueW
RegCloseKey
AdjustTokenGroups
AddAccessDeniedAce
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExW
RegCreateKeyExW
OpenProcessToken
ControlTraceA
RegOpenKeyExA
ws2_32
setsockopt
WSACleanup
WSAStartup
bind
listen
kernel32
FindResourceA
GetModuleHandleA
GetStartupInfoA
BaseDumpAppcompatCache
BaseInitAppcompatCacheSupport
VirtualAlloc
ExitProcess
EnumResourceTypesA
EnumResourceNamesA
SetErrorMode
LockResource
msvcrt
_access
_assert
_atoldbl
_atoi64
_close
_cgets
_c_exit
_cabs
_beep
_chdir
oleaut32
SafeArrayGetElement
GetErrorInfo
SafeArrayCreate
SafeArrayUnaccessData
VariantCopy
LoadTypeLib
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SetErrorInfo
SafeArrayGetUBound
CreateErrorInfo
SysStringByteLen
SysAllocStringLen
LoadTypeLibEx
VariantCopyInd
SysFreeString
GetActiveObject
SysAllocStringByteLen
SysReAllocStringLen
VariantClear
Sections
CODE Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: - Virtual size: 163B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 100KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 592B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 119KB - Virtual size: 119KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ