Static task: static1
Behavioral task behavioral1: sample 0f5d6782815d68a4d404e993d84a02bc_JaffaCakes118.exe, resource win7-20240903-en
Behavioral task behavioral2: sample 0f5d6782815d68a4d404e993d84a02bc_JaffaCakes118.exe, resource win10v2004-20240802-en
General
Target: 0f5d6782815d68a4d404e993d84a02bc_JaffaCakes118
Size: 414KB
MD5: 0f5d6782815d68a4d404e993d84a02bc
SHA1: 6252c91a523ae694f9c92e3fa05afe7e99ac1176
SHA256: 12c23dbb4f2b7e9dc3743fd96dcd9bcfd33ce3052d74ca30f492d532722df8b3
SHA512: 2b66f02247b6b37110c4d9ed5c5864222c9e705a30329c21e5273f2a0225c591deaea8b1e264d1128a7bed341b78e6f926d5a0661634022667324be519a44198
SSDEEP: 12288:74JpA47mD/AWavLR3EmG6BDUtZyfh6AwQOXF/:EmZyf/wPXh
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0f5d6782815d68a4d404e993d84a02bc_JaffaCakes118
Files
0f5d6782815d68a4d404e993d84a02bc_JaffaCakes118.exe windows:4 windows x86 arch:x86
fb4bf0284789c2c4ddab146a7a1a700c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteExA
ShellExecuteA
SHGetPathFromIDList
DragQueryFile
SHFileOperationW
SHFileOperationA
SHAddToRecentDocs
SHBrowseForFolderW
SHGetDataFromIDListA
ShellExecuteExW
ExtractIconA
SHEmptyRecycleBinA
SHChangeNotify
user32
DdeSetUserHandle
UnregisterClassW
IsClipboardFormatAvailable
RealGetWindowClass
CharNextExA
LoadMenuIndirectA
GetScrollRange
gdi32
GetCharABCWidthsFloatA
RealizePalette
GetEnhMetaFileBits
GetCharWidthFloatW
GetMapMode
CreatePolygonRgn
UpdateICMRegKeyA
CreateMetaFileA
GdiFlush
GetWorldTransform
CreateDCA
GetDeviceGammaRamp
GetCurrentObject
EnumObjects
EnumFontsA
SetBkMode
GetCharacterPlacementA
FillRgn
GetRasterizerCaps
SelectObject
GetTextMetricsW
PlgBlt
CreateColorSpaceW
comdlg32
PageSetupDlgA
GetOpenFileNameA
FindTextW
LoadAlterBitmap
GetOpenFileNameW
ChooseFontW
ChooseFontA
ChooseColorW
PrintDlgA
GetSaveFileNameA
kernel32
UnhandledExceptionFilter
TlsGetValue
TryEnterCriticalSection
WaitForMultipleObjectsEx
RtlUnwind
GetThreadPriorityBoost
FreeEnvironmentStringsA
MultiByteToWideChar
LoadLibraryA
WriteFile
GetModuleFileNameA
InitializeCriticalSection
SetFilePointer
VirtualAlloc
OpenSemaphoreA
GetProcAddress
TlsFree
LockResource
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetNumberFormatW
GetTickCount
LeaveCriticalSection
HeapAlloc
ExitProcess
EnterCriticalSection
GetStdHandle
GetModuleHandleA
QueryPerformanceCounter
FreeEnvironmentStringsW
InterlockedExchange
VirtualQuery
GetCommandLineA
HeapCreate
GetFileAttributesExA
TlsSetValue
lstrcatW
TlsAlloc
GetVersionExW
GetStartupInfoA
lstrlen
GetStartupInfoW
GetFileType
IsBadWritePtr
SetHandleCount
HeapFree
GetCurrentThread
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetVersion
GetCurrentProcessId
GetCommandLineW
ReadConsoleA
HeapDestroy
VirtualFree
GetEnvironmentStrings
GetLastError
DeleteCriticalSection
HeapReAlloc
GetModuleFileNameW
SetLastError
DeleteFileA
GetSystemDefaultLCID
advapi32
CryptSetProvParam
CryptDestroyKey
CryptEnumProviderTypesW
RegSetValueA
RegReplaceKeyA
InitiateSystemShutdownA
RegNotifyChangeKeyValue
CryptEnumProvidersW
RegDeleteValueW
RegSetValueExA
CryptAcquireContextA
GetUserNameA
RegDeleteKeyW
LookupAccountSidA
RegEnumValueA
RegQueryValueExW
RegLoadKeyA
CryptHashData
Sections
.text Size: 102KB - Virtual size: 101KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 302KB - Virtual size: 329KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ