030b7f14e6fd67f4595d74c3d455a1c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

030b7f14e6fd67f4595d74c3d455a1c4_JaffaCakes118
Size

6KB
MD5

030b7f14e6fd67f4595d74c3d455a1c4
SHA1

b8c254fd029bbc08ff1cb69625fce674ac39cd18
SHA256

42dcef123cd09ca4adff59c690caba19ef2ef4663e9aaff6aa01b0ae156fc4b2
SHA512

735f52d759c9e4017eb5614fca8ec5379a76f8b46d4561284a5577df6c8e192a5e4b6be934c00375b73a5ff58da9c3c5fe3b0eee098c57c2a4b7f4eecb882f23
SSDEEP

192:/tY1Tu/+EJx5s6TCDUortgAVFCA/yp4QpIu:K1ZsTCAorFrIJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
030b7f14e6fd67f4595d74c3d455a1c4_JaffaCakes118

Files

030b7f14e6fd67f4595d74c3d455a1c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bee067f84bcd5ce22bb4ae905a3d644b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
VirtualQuery
CreateDirectoryA
GetVersionExW
GetVersionExA
LocalFree
GetTempPathW
MultiByteToWideChar
GetFileAttributesW
GetCommandLineW
GlobalFree
GetModuleHandleW
GetProcessHeap
FreeEnvironmentStringsW
VirtualProtectEx
VirtualFree
GlobalHandle

msvcrt

realloc
_controlfp
__p__commode
_initterm
free
__getmainargs
_vsnprintf
atoi
__p___initenv
_except_handler3
_exit
strcpy
__setusermatherr
__p__fmode
_adjust_fdiv
calloc
__set_app_type
_XcptFilter
signal
wcslen
abort
_cexit
_onexit

user32

SetScrollInfo
CallWindowProcA
GetKeyboardType
FillRect
IsZoomed
ShowCursor
InsertMenuA
GetClientRect
SetWindowPos
PeekMessageA
MessageBoxA
OpenClipboard
wsprintfA
IsWindowVisible

gdi32

PolyBezierTo
SelectPalette
Chord
CombineRgn
ExcludeClipRect
EndPage
GetTextFaceW
Polyline
CreateDIBSection
GetStretchBltMode
SetGraphicsMode
RestoreDC
GetTextExtentPointW
PolyDraw
ScaleWindowExtEx

ole32

CoGetInterfaceAndReleaseStream
CoCreateInstance
ReleaseStgMedium
CoRegisterClassObject
CoCreateGuid
OleSetClipboard
CoDisconnectObject
OleRun
ProgIDFromCLSID
RegisterDragDrop
StringFromGUID2
CreateILockBytesOnHGlobal
StringFromCLSID
StgCreateDocfileOnILockBytes
StringFromIID
CoFreeUnusedLibraries
OleInitialize

advapi32

GetLengthSid
CryptHashData
CryptDestroyHash
EqualSid
RegQueryValueExW
AddAccessAllowedAce
InitiateSystemShutdownA
ControlService
RegDeleteValueW
InitializeSecurityDescriptor

comctl32

InitializeFlatSB
ImageList_DragEnter
ImageList_Read
ImageList_LoadImageA
ImageList_DrawEx
PropertySheetA
ImageList_GetBkColor
ImageList_Replace
ImageList_SetIconSize
ImageList_Destroy
ImageList_GetIcon

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bee067f84bcd5ce22bb4ae905a3d644b

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

gdi32

ole32

advapi32

comctl32

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 60KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 60KB

.rsrc
Size: 9KB - Virtual size: 9KB