15e3d638b0e83ef0ab3db5a2565f4321_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15e3d638b0e83ef0ab3db5a2565f4321_JaffaCakes118
Size

111KB
MD5

15e3d638b0e83ef0ab3db5a2565f4321
SHA1

43d7c7bf6b87451c2b19101f3955a2a5fa6c3837
SHA256

d287b5089aaebfa8bc0ebeb3cf0e13b22758fba9cfadf153b62077e1caf96a3f
SHA512

971411037b5dcd134f617ca0979c11a8a4d7bdedba22c4af07d5cc2fe655cb5eb3fdf83905d052914395f100ffdc250739c75b951070397183f681e6dfc8614a
SSDEEP

3072:TQKqExR2Ch/ZJ27K7MbDR8GoY5/QMd0IvtcToHytctNg9JRVKd:IEbVzsbDRfN3vKToZkV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15e3d638b0e83ef0ab3db5a2565f4321_JaffaCakes118

Files

15e3d638b0e83ef0ab3db5a2565f4321_JaffaCakes118
.exe windows:4 windows x86 arch:x86

511bc22552cffdb2bc0409599dd60e62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CancelWaitableTimer
GetStartupInfoA
TlsSetValue
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsValidCodePage
GetCPInfo
GetModuleHandleA
GetEnvironmentStrings
TlsGetValue
IsDebuggerPresent
GetProcessHeap
GetTickCount
FlushFileBuffers
GetACP
GetCurrentProcess
OpenProcess
HeapFree
SetUnhandledExceptionFilter
GetVersionExA
SetHandleCount
ExitProcess
GetStdHandle
VirtualFree
GetModuleFileNameA
RtlUnwind
HeapCreate
ExitProcess
TerminateProcess
ReadFile
LoadLibraryW
GetEnvironmentStringsW
DeleteCriticalSection
UnhandledExceptionFilter
GetCommandLineA
TlsFree
RaiseException
GetFileType
InterlockedIncrement
GetFileAttributesW
HeapDestroy
SetLastError
HeapAlloc
QueryPerformanceCounter
TlsAlloc
GetCurrentThreadId
GetOEMCP
WideCharToMultiByte

gdi32

DeleteObject
GetDeviceCaps
CreateFontIndirectW
CreateSolidBrush
GetObjectW
SetBkColor
SetBkMode

user32

DestroyWindow
GetParent
SetWindowPos
BeginPaint
SetDlgItemTextW
SendMessageW
LoadIconW
SetWindowLongW
PostMessageW
LoadStringW
GetWindowDC
LoadBitmapW
GetDlgItem
MessageBoxW
EndPaint
ReleaseDC
GetWindowLongW
DefWindowProcW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetPathFromIDListW

oleacc

CreateStdAccessibleObject

ole32

CoCreateInstance
CoUninitialize
CoInitialize

crypt32

CryptMsgClose
CertGetNameStringW
CertFreeCertificateContext
CryptDecodeObject
CryptMsgGetParam
CryptQueryObject
CertFindCertificateInStore
CertEnumSystemStoreLocation
CertCloseStore

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

511bc22552cffdb2bc0409599dd60e62

Headers

File Characteristics

Imports

kernel32

gdi32

user32

shell32

oleacc

ole32

crypt32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 56KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 56KB