07b5f673ead3afb6e4cbaeeb48c59c52_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07b5f673ead3afb6e4cbaeeb48c59c52_JaffaCakes118
Size

103KB
MD5

07b5f673ead3afb6e4cbaeeb48c59c52
SHA1

72c7d065e44a719e86bfa2b945d798007435fe78
SHA256

e20949f418cf66e820ada88933c5d7a84f8b637e274806c176b2bb9d0b312105
SHA512

341696e4ae4b8c72cd08637664967d5b86902bd2b72a8eb2aac2d5e810ee2b6e61c779702d4364f4b2819ada655497e20bb11c0804f247c63bcbf0f88a18581a
SSDEEP

1536:CqJW3IBqpAXmqmuyBXSu6omC/w539lGzNP5x2d5shN73Y:dJW38/4EdVGNxxjhNLY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07b5f673ead3afb6e4cbaeeb48c59c52_JaffaCakes118

Files

07b5f673ead3afb6e4cbaeeb48c59c52_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82b892c1560f7376c05585101c514482

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFileA
SHGetDesktopFolder
SHGetDiskFreeSpaceA
SHFileOperationA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHFileOperationA

comctl32

ImageList_Remove
ImageList_Destroy
ImageList_DragShowNolock
ImageList_Remove
ImageList_Create
ImageList_Read
ImageList_Add
ImageList_Destroy
ImageList_GetBkColor
ImageList_DrawEx
ImageList_GetBkColor
ImageList_Destroy
ImageList_Draw
ImageList_Create
ImageList_DrawEx
ImageList_Add

ole32

CoReleaseMarshalData
CreateBindCtx
StgCreateDocfileOnILockBytes
PropVariantClear
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoRevokeClassObject
OleRegGetUserType
CreateOleAdviseHolder
StgOpenStorage

comdlg32

GetSaveFileNameA
FindTextA
GetOpenFileNameA

kernel32

GetProcAddress
DeleteFileA
GetModuleHandleA
GetACP
GetOEMCP
GetLastError
ExitThread
VirtualAllocEx
GetProcAddress

oleaut32

SysFreeString
OleLoadPicture
SysStringLen
GetErrorInfo
VariantCopyInd
SafeArrayUnaccessData
VariantChangeType
SafeArrayPtrOfIndex
RegisterTypeLib
SafeArrayGetUBound
SafeArrayUnaccessData
OleLoadPicture
SafeArrayCreate
SysStringLen

user32

IsDialogMessageA
FrameRect
GetWindowDC
CharLowerA
GetCursor
IsWindowVisible
MoveWindow
CreateWindowExA
GetFocus
IsChild

gdi32

GetDIBits
RestoreDC
CreatePalette
BitBlt

advapi32

RegCreateKeyExA
RegOpenKeyA

version

VerFindFileA
GetFileVersionInfoSizeA

shlwapi

SHGetValueA

Sections

CODE
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 523B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82b892c1560f7376c05585101c514482

Headers

File Characteristics

Imports

shell32

comctl32

ole32

comdlg32

kernel32

oleaut32

user32

gdi32

advapi32

version

shlwapi

Sections

CODE Size: 30KB - Virtual size: 29KB

.rdata Size: 1024B - Virtual size: 523B

.tls Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

CODE
Size: 30KB - Virtual size: 29KB

.rdata
Size: 1024B - Virtual size: 523B

.tls
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB