03e20506fbe0c408bc11e7de63cd0b67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03e20506fbe0c408bc11e7de63cd0b67_JaffaCakes118
Size

107KB
MD5

03e20506fbe0c408bc11e7de63cd0b67
SHA1

2cc6e82e1f9043527bad0b1b5240ec6ce18356ad
SHA256

b21384bac4c9f3e35cfcb7f2d7fdff959bc3023e99960bf364a934ca76d549fe
SHA512

49a462bac18470b3667ec4f38b0969a2e25d0dc4eea9ab106fd574eb6cab3550cae6ce94ae13d522a860aa524ec54b20966f7834d59ef966038d9cc459feabc9
SSDEEP

3072:gLY3tTo8nFoMp0doUBH51VfWDcdpQlKMMiU1s:LtTo8nGMp0iUP1tPQlKNPs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03e20506fbe0c408bc11e7de63cd0b67_JaffaCakes118

Files

03e20506fbe0c408bc11e7de63cd0b67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4aa43cc47c35ab26f3c27990e10a3b1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopyInd
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

OpenServiceA
QueryServiceStatus
SetSecurityDescriptorDacl
StartServiceA
ControlService
CreateServiceA
OpenSCManagerA
DeleteService
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA

ole32

StringFromGUID2
StgCreateDocfileOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
GetRunningObjectTable
GetConvertStg
CreateFileMoniker
CLSIDFromString
CreateDataAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoLockObjectExternal
CoGetMalloc
CoFileTimeNow
CoCreateGuid
OleSetClipboard

user32

ShowCaret
MessageBeep
LoadIconA
IsCharUpperA
GetWindowTextA
EnableScrollBar
EnableMenuItem
DrawStateA
BeginPaint
ActivateKeyboardLayout
wsprintfA

shell32

SHGetMalloc
SHFileOperationA
SHGetFileInfoA
SHBindToParent

shlwapi

PathIsRootA
PathIsRelativeA
PathIsDirectoryA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathCompactPathExA
PathCanonicalizeA
PathAppendA
StrStrIA
SHAutoComplete
PathUnquoteSpacesA
PathQuoteSpacesA
PathMatchSpecA

msvcrt

vsprintf
strstr
sprintf
rand
malloc
__set_app_type
getenv
strchr
free
fflush
_except_handler3
_errno
memchr

kernel32

OpenFileMappingA
SleepEx
lstrcmpA
LeaveCriticalSection
InterlockedIncrement
HeapAlloc
GetTimeFormatA
GetStartupInfoA
FreeResource
ExitThread
MapViewOfFile

Exports

Exports

Crl
Eob
Gpi
Igo
Jpv
Osb
Rrj
Vdc
Zlj

Sections

.text
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4aa43cc47c35ab26f3c27990e10a3b1d

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 36KB

.rdata Size: 28KB - Virtual size: 32KB

.data Size: 21KB - Virtual size: 24KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 32KB - Virtual size: 36KB

.rdata
Size: 28KB - Virtual size: 32KB

.data
Size: 21KB - Virtual size: 24KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB