Sample: 11d20aeb99c4bb7625615cfa07288eef_JaffaCakes118.exe
Resource: win7-20240704-en
General
Target: 11d20aeb99c4bb7625615cfa07288eef_JaffaCakes118
Size: 29KB
MD5: 11d20aeb99c4bb7625615cfa07288eef
SHA1: 23e55c53d167dd60b7270ccf77ff8f68cc09d9e7
SHA256: 12deb9287d73da79ab8c723a98ad9683590d35bffec263e6db48aee07452d17a
SHA512: 56c52745b6818f26cf8bdd93dd60b4059e03cfbd5739155cb9fb467059d47657241d7a066e30f49eb2355b3623af4aa5c32df4386642e6a3bd8f9ab8d34140a5
SSDEEP: 768:wAr4voznCjvBydltnT0KHwR0MazadDcu3+JWt:wC4voznCkdAywmL0DcQS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11d20aeb99c4bb7625615cfa07288eef_JaffaCakes118
Files
11d20aeb99c4bb7625615cfa07288eef_JaffaCakes118.exe windows:4 windows x86 arch:x86
c5879e58d3fd75c2fd3bd14e1192e5fe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
LoadResource
DeviceIoControl
GetFullPathNameW
SizeofResource
IsValidCodePage
CreateFileMappingW
ExpandEnvironmentStringsA
GetLastError
CreateDirectoryA
VirtualAlloc
VirtualFree
MulDiv
IsBadCodePtr
CreateProcessW
OutputDebugStringW
SetFileAttributesA
ExitProcess
WriteConsoleW
lstrcatW
LockResource
CreateMutexW
GetCurrentDirectoryW
FindResourceA
CopyFileW
GetCurrentProcess
GetComputerNameW
AddAtomW
CreateMutexA
ole32
CoCreateInstanceEx
user32
GetParent
LoadStringA
DispatchMessageA
EndPaint
wsprintfA
SetCursor
MessageBoxA
SetWindowLongA
GetSystemMetrics
KillTimer
GetDlgItem
ReleaseDC
SetWindowLongW
MessageBoxW
GetWindowLongA
PostMessageW
DestroyWindow
SendMessageA
GetClientRect
SetFocus
InvalidateRect
wsprintfW
LoadStringW
CharNextA
ShowWindow
GetWindowLongW
PostQuitMessage
DefWindowProcA
SendMessageW
SetWindowPos
SetTimer
UpdateWindow
GetSysColor
EndDialog
GetWindowRect
CreateWindowExA
GetDesktopWindow
EnableWindow
GetDC
BeginPaint
CharNextW
rpcrt4
DceErrorInqTextW
MesBufferHandleReset
MesHandleFree
NdrAsyncServerCall
DllRegisterServer
NDRSContextMarshall
NdrByteCountPointerBufferSize
NdrByteCountPointerFree
MesIncrementalHandleReset
CreateStubFromTypeInfo
NdrAsyncClientCall
MesDecodeIncrementalHandleCreate
DllGetClassObject
NDRSContextMarshallEx
shell32
IsLFNDrive
DllRegisterServer
SHDefExtractIconW
DllCanUnloadNow
DAD_DragMove
DriveType
SHChangeNotifyDeregister
SHILCreateFromPath
PathResolve
SHStartNetConnectionDialogW
DragAcceptFiles
GetFileNameFromBrowse
Shell_GetImageLists
PathQualify
RestartDialog
DllUnregisterServer
DllInstall
SHCoCreateInstance
DAD_DragLeave
DragFinish
DAD_DragEnterEx
PifMgr_OpenProperties
Shell_MergeMenus
SHChangeNotifyRegister
PickIconDlg
DllGetVersion
SHGetSetSettings
IsNetDrive
msvcrt
realloc
wcsncpy
_ftol
swprintf
wcscpy
_itow
__dllonexit
_vsnwprintf
_onexit
_wtoi
fwrite
_except_handler3
_wcsicmp
wcslen
_local_unwind2
_adjust_fdiv
_iob
wcsncmp
_strnicmp
_initterm
free
malloc
wcscmp
advapi32
RegCreateKeyExA
OpenThreadToken
RegOpenKeyExA
FreeSid
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueA
RegQueryValueExA
RegSetValueExW
RegDeleteKeyA
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegCloseKey
RegSetValueExA
RegDeleteKeyW
CloseServiceHandle
RegEnumKeyExA
AllocateAndInitializeSid
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
Sections
.textbss Size: - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.debug Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 1024B - Virtual size: 675B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ