12705031b03fa0c191fdacebdbc79ef1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

12705031b03fa0c191fdacebdbc79ef1_JaffaCakes118
Size

129KB
MD5

12705031b03fa0c191fdacebdbc79ef1
SHA1

65dd9e8051649a224f6c4ec2ca5c7464f4b1610d
SHA256

cc45effecfee11c3c08f4dfa86d3a7b787eed23ae0040d3b88832cc93aaf2fc3
SHA512

2ed869ce635570860173715b8934a5866dbc028e527b6058e56501276925633a60af6cbbfbae17c8f6a1ca5e0bab76ae418e368f6a09a0fbfa5f048fc29a54ac
SSDEEP

3072:tIKghVypsAX6Bmiitbqf8l0VCWk2y/gnfS7o/72IWxH1gj6:6RmqBmiiGaCaEKIWxW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12705031b03fa0c191fdacebdbc79ef1_JaffaCakes118

Files

12705031b03fa0c191fdacebdbc79ef1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

422f1eb5ce03f83f4ef8857e25396d94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

IsDBCSLeadByte
GetExitCodeProcess
GetStartupInfoA
FileTimeToLocalFileTime
VirtualProtect
GetConsoleMode
GetSystemDirectoryA
GetLastError
GetThreadLocale
GetModuleHandleA

msvcrt

__setusermatherr
_XcptFilter
log
__getmainargs
towlower
__set_app_type
_except_handler3
__p__commode
__p__fmode
__mb_cur_max
_adjust_fdiv
exit
_errno
_acmdln
_ultoa
wcscspn
srand
_initterm
_purecall

user32

UnregisterClassA
MapWindowPoints
GetCursorPos

version

GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
VerLanguageNameA
GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement
SysReAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetElement
SysStringLen
GetActiveObject

advapi32

RegDeleteKeyW
RegSetValueExA
CryptHashData
InitiateSystemShutdownA
InitializeSecurityDescriptor
RegDeleteKeyA
CryptDestroyHash
OpenServiceW

shell32

SHFileOperationA
ShellExecuteEx
SHGetSettings
ShellExecuteA
DragQueryFileA
SHCreateDirectoryExW

comctl32

ImageList_BeginDrag
ImageList_Remove
ImageList_GetBkColor
ImageList_DragLeave

ole32

StringFromCLSID
ProgIDFromCLSID
CoInitializeEx
CoLoadLibrary
IsAccelerator
CoGetInterfaceAndReleaseStream
CoFreeUnusedLibraries
OleInitialize
StringFromIID
RevokeDragDrop
CoInitializeSecurity

gdi32

OffsetClipRgn
CreateBitmap
CreateFontIndirectW
IntersectClipRect
SetViewportExtEx
DeleteDC
SetBkMode
EnumFontFamiliesExW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

422f1eb5ce03f83f4ef8857e25396d94

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

version

oleaut32

advapi32

shell32

comctl32

ole32

gdi32

Sections

.text Size: 63KB - Virtual size: 62KB

.data Size: 49KB - Virtual size: 48KB

.rsrc Size: 16KB - Virtual size: 120KB

.text
Size: 63KB - Virtual size: 62KB

.data
Size: 49KB - Virtual size: 48KB

.rsrc
Size: 16KB - Virtual size: 120KB