070cd9a6970598ff881b35c64d6aca78_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

070cd9a6970598ff881b35c64d6aca78_JaffaCakes118
Size

158KB
MD5

070cd9a6970598ff881b35c64d6aca78
SHA1

0c79aad9964660e402026946bc14f10ae3c2974c
SHA256

d6fb9d97f0bced584a4570200136cc019cd0d5e7db754ce7af0f774a5375096e
SHA512

225a4857d488a1dae2a1f5f78cc2adf0469f5ac64b5e855e6db055363be326acbfb22f0ab285c091f03a20bd272f3db579133493aae0fb061b686c55ea484153
SSDEEP

3072:VAbyqpGzGsCdAtgl0bi7C0lT/e7nRFzHhvAle:VAbBpGz0CSl0yCQT/e7RFzGe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
070cd9a6970598ff881b35c64d6aca78_JaffaCakes118

Files

070cd9a6970598ff881b35c64d6aca78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

086fc46af445cdc5c23991c1d39b3e20

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
GetUserNameA

msvcrt

memcpy
clock
calloc
memmove
asin

ole32

StgCreateDocfileOnILockBytes
CoDisconnectObject
CoGetContextToken
CoReleaseMarshalData
OleCreateStaticFromData
CoCreateGuid
CLSIDFromProgID
WriteClassStm
CoCreateInstanceEx
StringFromIID

shlwapi

PathFileExistsA
SHDeleteKeyA

shell32

SHFileOperationA
SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetDiskFreeSpaceA
SHGetDesktopFolder

comctl32

ImageList_Write
ImageList_Remove
ImageList_Destroy
ImageList_Create
ImageList_DragShowNolock
ImageList_Draw
ImageList_Add

version

GetFileVersionInfoSizeA
VerFindFileA
VerInstallFileA

kernel32

GetVersionExA
LocalFree
LocalAlloc
LoadLibraryA
GetCommandLineA
lstrlenA
GetModuleHandleA
GetCurrentThread
GetCurrentProcessId
ExitProcess
VirtualAllocEx
GetTickCount
LoadLibraryExA

comdlg32

ChooseColorA
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
FindTextA

oleaut32

VariantChangeType
SysReAllocStringLen
OleLoadPicture
RegisterTypeLib
SysStringLen

user32

GetClassLongA
GetClientRect
GetCursor
CreatePopupMenu
GetCapture
IsChild
GetClassInfoA
FrameRect
CharLowerA
EnableScrollBar
GetPropA
GetClipboardData

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.init
Size: 116KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

086fc46af445cdc5c23991c1d39b3e20

Headers

File Characteristics

Imports

advapi32

msvcrt

ole32

shlwapi

shell32

comctl32

version

kernel32

comdlg32

oleaut32

user32

Sections

.text Size: 35KB - Virtual size: 35KB

.init Size: 116KB - Virtual size: 248KB

.tls Size: 2KB - Virtual size: 1KB

BSS Size: 1KB - Virtual size: 1KB

DATA Size: 1KB - Virtual size: 1KB

.text
Size: 35KB - Virtual size: 35KB

.init
Size: 116KB - Virtual size: 248KB

.tls
Size: 2KB - Virtual size: 1KB

BSS
Size: 1KB - Virtual size: 1KB

DATA
Size: 1KB - Virtual size: 1KB