Static task
static1
Behavioral task
behavioral1
Sample
0cdb02ced5939931f063ee5b85a7d7c5_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0cdb02ced5939931f063ee5b85a7d7c5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
0cdb02ced5939931f063ee5b85a7d7c5_JaffaCakes118
Size
307KB
MD5
0cdb02ced5939931f063ee5b85a7d7c5
SHA1
d85a6de97d7fe2d4bc7af66a15b644411a60015b
SHA256
e2a6c4e34242c1ab03c29cd249978a2b2f4329e651da5d9fb8b1cdbefd4a6fb6
SHA512
f3b6348d567f3d056c99e2257bd7ae5f22a78b82cfeab9261fd66d299c66a6c37edd84425a49eb4d391ca7ff1bd13954994ffb4934cda45d77339b61326e0e21
SSDEEP
6144:xM6niRvRv1wOhL8QRjPH17YTzK/ixuSEo/k5devilbfbEz8GGDfZB2pOE:e6iRZ9hLVRjJYHKawIIlbzEI3Hc
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0cdb02ced5939931f063ee5b85a7d7c5_JaffaCakes118
Files
0cdb02ced5939931f063ee5b85a7d7c5_JaffaCakes118.exe windows:4 windows x86 arch:x86
65f6d952c87a90d452d7636f525ce1ee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharUpperBuffW
UnregisterClassA
wsprintfW
UpdateWindow
oleaut32
SafeArrayUnlock
SysStringLen
VariantClear
LoadRegTypeLi
SafeArrayGetUBound
SafeArrayLock
SysStringByteLen
SafeArrayCopy
SafeArrayDestroy
SafeArrayGetLBound
VarBstrCat
VariantCopy
SafeArrayCreate
SafeArrayRedim
VariantInit
SafeArrayGetVartype
VariantCopyInd
SysAllocStringLen
LoadTypeLi
SysFreeString
SysAllocStringByteLen
VarBstrCmp
SysAllocString
kernel32
GetACP
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
GetLogicalDrives
HeapAlloc
GetModuleHandleW
EnterCriticalSection
HeapReAlloc
FindFirstVolumeMountPointW
SetThreadLocale
CloseHandle
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
HeapDestroy
FormatMessageW
lstrlenW
GetCurrentThreadId
GetThreadLocale
FindVolumeMountPointClose
GetLogicalDriveStringsW
QueryDosDeviceW
DeleteCriticalSection
HeapSize
GetProcessHeap
FindNextVolumeMountPointW
HeapFree
IsDebuggerPresent
RaiseException
SetLastError
CreateThread
VirtualAllocEx
advapi32
EqualSid
RegQueryValueExW
CopySid
RegQueryInfoKeyW
RegCloseKey
OpenProcessToken
RegEnumValueW
GetLengthSid
RegEnumKeyExW
GetTokenInformation
OpenThreadToken
IsValidSid
RegOpenKeyExW
shell32
SHGetDesktopFolder
SHGetMalloc
userenv
UnloadUserProfile
ole32
CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoCreateInstance
shlwapi
StrRetToStrW
comctl32
CreateStatusWindow
ImageList_GetIcon
GetMUILanguage
FlatSB_SetScrollInfo
CreatePropertySheetPageA
ImageList_DragShowNolock
ImageList_Replace
CreateMappedBitmap
CreateStatusWindowA
CreateStatusWindowW
kbdtuq
KbdLayerDescriptor
Sections
.text Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: 40KB - Virtual size: 227KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 173KB - Virtual size: 411KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 57KB - Virtual size: 454KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ