0947a3ef73789d32b82a02498bdf7345_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0947a3ef73789d32b82a02498bdf7345_JaffaCakes118
Size

147KB
MD5

0947a3ef73789d32b82a02498bdf7345
SHA1

7fa57692c4c0054067ebc3d73da5c7207bf032bd
SHA256

2c1c67d79e7aecb26b9d04378815971f9aaf435a45e398cb814c75bd2f76e0d5
SHA512

116f36cbd86280676fd376c03ee3acdde2208d1ff94b0bacb34ab3bce56d862538853f92639ea394134216db83a231e2eeffac4f977e3fa2082c676cd55b92ee
SSDEEP

3072:PsD7VknLCc6Sv8c9ri51nq6XEY7TGdhfHLu/xp7uqHIzuhnDNR74:Ps4WpXV0sbHNR7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0947a3ef73789d32b82a02498bdf7345_JaffaCakes118

Files

0947a3ef73789d32b82a02498bdf7345_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bcc1371c3a05ee132e381f3cd64056b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStartupInfoA
GetCurrentDirectoryA
GetCurrentProcess
GetModuleHandleA
VirtualProtect
lstrcmpiW
InterlockedCompareExchange
ExitProcess
DeleteFileW
CopyFileA
GetOEMCP

user32

EndDialog
CreateWindowExA
EnableMenuItem
GetSysColor

msvcrt

log10
localeconv
_except_handler3
_initterm
__getmainargs
_itow
_acmdln
_adjust_fdiv
__setusermatherr
_dup
_XcptFilter
__p__commode
__set_app_type
exit
__p__fmode
sin
strlen

shell32

SHAppBarMessage
SHFileOperationW
SHGetMalloc
DragQueryFileA
FindExecutableW
SHBrowseForFolder
SHGetDesktopFolder
Shell_NotifyIconA
SHGetFolderPathW
ExtractIconExW
SHCreateDirectoryExA
ShellExecuteA

ole32

CoReleaseMarshalData
CLSIDFromProgID
CoLoadLibrary
StgCreateDocfileOnILockBytes
CoGetClassObject
IIDFromString
StringFromGUID2
CoCreateInstance
CoGetInterfaceAndReleaseStream
DoDragDrop

oleaut32

SafeArrayCreate
SysReAllocStringLen
VariantCopy
VariantCopyInd
VariantInit
SysStringByteLen
SysStringLen
SysAllocStringLen
SafeArrayRedim
VariantClear

comctl32

ImageList_SetOverlayImage
ImageList_Create
ImageList_LoadImageA
ImageList_Replace
ImageList_GetIconSize
ImageList_Read
ImageList_SetImageCount
ImageList_BeginDrag
InitCommonControlsEx
ImageList_LoadImageW

advapi32

OpenThreadToken
RevertToSelf
DeregisterEventSource
RegOpenKeyExA
RegQueryInfoKeyW
RegDeleteKeyA
RegEnumValueW
AddAccessAllowedAce
AllocateAndInitializeSid

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bcc1371c3a05ee132e381f3cd64056b1

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

shell32

ole32

oleaut32

comctl32

advapi32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 6KB - Virtual size: 5KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 6KB - Virtual size: 5KB