Static task
static1
Behavioral task
behavioral1
Sample
143635ecda1d2e6955a3254e57010ba3_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
143635ecda1d2e6955a3254e57010ba3_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
143635ecda1d2e6955a3254e57010ba3_JaffaCakes118
Size
117KB
MD5
143635ecda1d2e6955a3254e57010ba3
SHA1
01b3261463dcac38f299d1d41ea3dc8a9a800e49
SHA256
97212e5e548d6545a028c42c6604d31c60d2011e059b9df61c810e36cb895e2a
SHA512
1775f3e80c0762a52f8a08ed63c30412b39aafcf62c8dc3607cb020ccbdeb1f7b349e308e0e4080bc08d96d91968c82bf43d6b5a9e900f8edd9f2c5ce5a809fe
SSDEEP
1536:aCkZdOoPmCLSnsIwKpeTk8x1EKo+yrzhH51OqFU1JIV3waTz04hQz183uPrWtMg:G22Vkswp9KobpvOwms/Uz18eIM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 143635ecda1d2e6955a3254e57010ba3_JaffaCakes118
Files
143635ecda1d2e6955a3254e57010ba3_JaffaCakes118.exe windows:5 windows x86 arch:x86
a86ccc35b66b614f8881742d5064234e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_stricmp
fread
exit
__setusermatherr
_exit
memmove
_initterm
__p__commode
_onexit
_adjust_fdiv
__set_app_type
fopen
_acmdln
strlen
printf
_except_handler3
fseek
fputs
malloc
_XcptFilter
fwrite
__getmainargs
strcmp
free
remove
fputc
fclose
strcpy
__p__fmode
kernel32
GetStartupInfoA
GetModuleHandleW
GetVersionExW
SetFilePointer
GetCurrentProcessId
ExitProcess
GetDiskFreeSpaceA
FlushFileBuffers
LCMapStringW
CopyFileA
LoadLibraryA
DeleteFileA
CreateProcessA
EnumCalendarInfoA
GlobalLock
GetProcAddress
CreateFileMappingA
comctl32
PropertySheetA
ImageList_Destroy
CreateToolbarEx
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_DragLeave
ImageList_EndDrag
CreatePropertySheetPageW
ImageList_SetOverlayImage
ImageList_Draw
ImageList_GetImageInfo
ImageList_DragShowNolock
oleaut32
LoadTypeLib
SafeArrayGetElement
SafeArrayCreate
SysAllocStringByteLen
VariantCopy
VariantClear
GetErrorInfo
SysAllocStringLen
SafeArrayGetUBound
SetErrorInfo
SafeArrayUnaccessData
user32
SetActiveWindow
UnhookWindowsHookEx
SendMessageA
GetWindow
UnregisterClassA
IsZoomed
GetKeyboardType
GetMenuState
SetPropA
TranslateMessage
advapi32
GetUserNameA
QueryServiceStatus
RegCreateKeyA
RegOpenKeyExW
DeleteService
RegDeleteKeyA
CheckTokenMembership
InitializeAcl
GetLengthSid
RevertToSelf
SetSecurityDescriptorGroup
RegOpenKeyExA
InitiateSystemShutdownA
ole32
CoTaskMemAlloc
StringFromIID
CoLoadLibrary
RevokeDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CLSIDFromString
shell32
ShellExecuteExA
SHFileOperationW
SHAddToRecentDocs
ExtractIconW
SHGetFolderPathA
SHBindToParent
FindExecutableW
gdi32
SetAbortProc
RectVisible
SelectPalette
GetObjectA
SetTextColor
LineTo
SetDIBitsToDevice
RemoveFontResourceA
GetStretchBltMode
CreatePenIndirect
DeleteObject
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ