05628551080fb3301f26f92263b1c431_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

05628551080fb3301f26f92263b1c431_JaffaCakes118
Size

100KB
MD5

05628551080fb3301f26f92263b1c431
SHA1

3dd0e526dc0175ad708ff6a23710de2d4251f2c7
SHA256

e6e0195f58b40808daeddfb5e0ea9bbb17b07b4c8a9838597669ac436b12f732
SHA512

90635884da729351d18bed0e46bd09e8541e89c7a1c68f695ea76851d1b636a63f54531480b29bc1ac3096543b2b41e401e81adc22f2d028909c687086fea024
SSDEEP

3072:sGEHl1Cr3bSsHEIxLzkk3greqzSbXm8jbxDhh81:pEF1Cr3bSsHEIxL5g1eLmIdf8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05628551080fb3301f26f92263b1c431_JaffaCakes118

Files

05628551080fb3301f26f92263b1c431_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHBrowseForFolderA
DragQueryFileW
SHGetDesktopFolder
CommandLineToArgvW
SHGetSpecialFolderLocation
SHChangeNotify
DragQueryFileA

ole32

ReleaseStgMedium
CoSetProxyBlanket
CoRevokeClassObject
GetHGlobalFromStream
CoRevertToSelf
StgCreateDocfile
StgOpenStorage
GetRunningObjectTable
CLSIDFromString
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
CoInitializeSecurity
CreateBindCtx
StringFromCLSID
OleUninitialize
CoCreateGuid
CoInitializeEx
CoImpersonateClient
StringFromGUID2
CoGetInterfaceAndReleaseStream
CreateOleAdviseHolder
CoFreeUnusedLibraries
CoGetContextToken
CreateDataAdviseHolder
CoTaskMemAlloc
CLSIDFromProgID
IIDFromString
CoGetObjectContext
StgCreateDocfileOnILockBytes

msvcrt

sprintf
_ftol
__setusermatherr
strncmp
__p__commode
iswctype
_itoa
memcpy
wcstoul
setlocale
time
wcsrchr
fread
_controlfp
strstr
??1type_info@@UAE@XZ
__wgetmainargs
printf
strchr
_CxxThrowException
wcscat
__p__fmode
??2@YAPAXI@Z
__set_app_type
__dllonexit
_wcsnicmp
_wcsupr
isxdigit
_initterm
wcstol

oleaut32

SysReAllocStringLen
SafeArrayGetLBound
OleLoadPicture
GetActiveObject
VariantCopyInd
SafeArrayCreate
SafeArrayAccessData
VariantChangeTypeEx
SysStringLen
SafeArrayPutElement
CreateErrorInfo
VariantClear
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
VariantInit
SafeArrayPtrOfIndex
VariantCopy
LoadTypeLib
SafeArrayGetUBound
SysFreeString
GetErrorInfo
RegisterTypeLib
VariantChangeType

rpcrt4

NdrClientCall2
RpcBindingFree
CStdStubBuffer_Disconnect
NdrDllRegisterProxy
CStdStubBuffer_DebugServerQueryInterface
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
RpcEpResolveBinding
CStdStubBuffer_AddRef
UuidToStringA
RpcBindingSetAuthInfoW
CStdStubBuffer_Invoke
NdrServerCall2
RpcServerUseProtseqEpW
RpcStringFreeW
NdrStubForwardingFunction
UuidCreate
CStdStubBuffer_IsIIDSupported
RpcStringBindingComposeW
NdrStubCall2
RpcRaiseException
UuidFromStringW
NdrDllGetClassObject
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
RpcStringFreeA
NdrOleAllocate
NdrCStdStubBuffer_Release
RpcBindingToStringBindingW
RpcBindingFromStringBindingW
UuidToStringW

user32

GetActiveWindow
GetSysColor
LoadIconA
CharNextA
InvalidateRect
IsWindow
LoadImageW
ReleaseDC
GetMenu
GetSysColorBrush
ChangeMenuW
GetWindowPlacement
GetWindowDC
EnableWindow
GetSystemMenu
GetSystemMetrics
UnhookWindowsHookEx
GetWindow
RedrawWindow
ReleaseCapture
MsgWaitForMultipleObjects
BeginPaint
GetMessageA
IsChild
CheckMenuItem
CreateWindowExW
GetCursorPos
GetWindowTextA
GetSubMenu
GetDlgItemTextA
RegisterClassExA

kernel32

GetThreadLocale
GetLocaleInfoW
GetCPInfo
GetCommandLineW
VirtualAlloc
ExitProcess
CreateFileMappingA
GetProcessHeap
DeviceIoControl
ResetEvent
FreeEnvironmentStringsA
GetModuleFileNameA
UnhandledExceptionFilter
lstrcatA
IsBadReadPtr
GetFullPathNameW
GetCommandLineA
LoadLibraryA
GetSystemDirectoryW
SetEvent
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
LocalAlloc
GetConsoleMode
CloseHandle
GetACP
WriteConsoleW
lstrcpynW
OutputDebugStringW
GetCurrentThread
GetOEMCP
GetCurrentProcessId
GetModuleHandleW
GetUserDefaultLCID
TerminateProcess
FindNextFileA
GetStdHandle
CreateMutexW
SetStdHandle
Sleep
GetVersionExW
TlsAlloc

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 47KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 483B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbeea143f4240033f3f5daf3fd5ee125

Headers

File Characteristics

Imports

shell32

ole32

msvcrt

oleaut32

rpcrt4

user32

kernel32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 47KB - Virtual size: 106KB

.reloc Size: 512B - Virtual size: 483B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 47KB - Virtual size: 106KB

.reloc
Size: 512B - Virtual size: 483B