0b598a282e524af3ed2c077403991b94_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b598a282e524af3ed2c077403991b94_JaffaCakes118
Size

68KB
MD5

0b598a282e524af3ed2c077403991b94
SHA1

45f2cdbdfdd740e30a7dddd18c70fc49dcb88db9
SHA256

dc7faa09b1fd0653350bfef35523d1d16aca40ba9512c8d002462df942b972b6
SHA512

527fb830a2f590cd55421d1225f6200d54cdb7bd3bd76d45b2e97d05575d4710682639d137177f85ddcd12a4e039f677d1f018c72625774fe5a9f806412f80be
SSDEEP

1536:AbT74WqEj8zjCpOMWPzAf7S9+5CEOYWhHimnocde6DXsB:I7zj8zoqAf7S9HYPEtdl8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b598a282e524af3ed2c077403991b94_JaffaCakes118

Files

0b598a282e524af3ed2c077403991b94_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d1a472bc2c19317354ca49f027116921

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

PrintDlgExW
PrintDlgW
PageSetupDlgA
ChooseColorW

oleaut32

SysReAllocStringLen
CreateErrorInfo
VariantClear
SafeArrayUnaccessData
SysFreeString
GetErrorInfo
VariantInit
RegisterTypeLib
SafeArrayGetLBound
VariantCopyInd
OleLoadPicture
VariantChangeType
GetActiveObject
SafeArrayCreate
SafeArrayAccessData
SysAllocStringByteLen
VariantChangeTypeEx
VariantCopy
SafeArrayPutElement
SafeArrayGetElement
SysStringByteLen
SafeArrayGetUBound
SysAllocStringLen

ole32

CLSIDFromString
CoRevokeClassObject
CoInitialize
CoCreateGuid
CoInitializeEx
OleInitialize
CoSetProxyBlanket
OleRegGetMiscStatus
CoCreateFreeThreadedMarshaler
PropVariantCopy
OleRegGetUserType
StgIsStorageFile
CreateDataAdviseHolder
CoTaskMemFree
CoFreeUnusedLibraries
CoImpersonateClient
StgCreateDocfileOnILockBytes
CreateBindCtx
CoGetObjectContext
CoCreateInstance
PropVariantClear
OleUninitialize
IIDFromString
StringFromCLSID
MkParseDisplayName
GetHGlobalFromStream
OleSaveToStream
CoUnmarshalInterface
CoGetClassObject
WriteClassStm
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CoDisconnectObject
CoTaskMemRealloc
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoGetMalloc
CoMarshalInterface
CoUninitialize
OleLoadFromStream

rpcrt4

NdrClientCall2
RpcStringBindingParseW
RpcStringFreeW
UuidToStringW
NdrOleFree
CStdStubBuffer_Disconnect
NdrDllCanUnloadNow
RpcRaiseException
NdrDllUnregisterProxy
RpcServerRegisterIfEx
IUnknown_Release_Proxy
RpcBindingSetAuthInfoW
CStdStubBuffer_CountRefs
UuidFromStringW
NdrDllRegisterProxy
CStdStubBuffer_QueryInterface
RpcImpersonateClient
UuidCreate
RpcServerUnregisterIf
RpcStringFreeA
UuidToStringA
CStdStubBuffer_Invoke
NdrServerCall2
RpcBindingToStringBindingW
IUnknown_QueryInterface_Proxy
RpcBindingVectorFree
CStdStubBuffer_AddRef
RpcBindingFromStringBindingW
NdrOleAllocate

kernel32

SetEndOfFile
CreateProcessA
VirtualAllocEx
SystemTimeToFileTime
lstrlenW
IsBadWritePtr
LoadLibraryExA
LocalAlloc
TlsSetValue
GetProcessHeap
lstrcatA
Sleep
ResetEvent
ReadFile
WideCharToMultiByte
FreeLibrary
GetFileSize
UnmapViewOfFile
MapViewOfFile
IsDBCSLeadByte
ExitProcess
VirtualQuery
CompareStringA
TerminateProcess
FindResourceW
GetDriveTypeW
GetCurrentProcess
InterlockedDecrement
FileTimeToLocalFileTime
lstrcmpiA
DisableThreadLibraryCalls
IsBadCodePtr
GetEnvironmentStrings
GetCommandLineA
GetOEMCP
HeapSize
ResumeThread
HeapAlloc
WaitForSingleObject
CreateMutexA
OutputDebugStringW
HeapCreate
GetExitCodeThread

shlwapi

StrCatW
StrTrimW
SHDeleteValueA
SHDeleteKeyA
PathStripToRootW
SHGetValueW
StrStrIW
PathIsURLW
StrCmpNIA
StrCpyW
wnsprintfW
StrToIntW
StrChrIW
UrlUnescapeW
StrRChrW
PathIsUNCW
PathCombineW
PathGetDriveNumberW
StrCmpNW
UrlCanonicalizeW
StrCatBuffW
SHStrDupW
PathSkipRootW
PathCreateFromUrlW
StrStrIA
PathIsRelativeW
PathRemoveFileSpecA
StrCpyNW
StrCmpW
PathAddBackslashW
PathFindExtensionA
StrChrW
StrToIntExW
StrDupW
PathAppendW
PathFindFileNameW
StrRetToBufW
PathRemoveBlanksW
StrCmpIW
PathFindExtensionW

version

GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerFindFileW
GetFileVersionInfoSizeW
VerQueryValueW
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d1a472bc2c19317354ca49f027116921

Headers

File Characteristics

Imports

comdlg32

oleaut32

ole32

rpcrt4

kernel32

shlwapi

version

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 10KB - Virtual size: 17KB

.bdata Size: 12KB - Virtual size: 17KB

.idata Size: 11KB - Virtual size: 17KB

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 10KB - Virtual size: 17KB

.bdata
Size: 12KB - Virtual size: 17KB

.idata
Size: 11KB - Virtual size: 17KB