16206b225b337a72f2e55fbee00d2bb6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16206b225b337a72f2e55fbee00d2bb6_JaffaCakes118
Size

112KB
MD5

16206b225b337a72f2e55fbee00d2bb6
SHA1

288bad84d4d4504053b889797857206a2f090631
SHA256

743b1e89bcac389343bcd82f6c2a38e61838276653ad73e59b76138da57654bf
SHA512

fd13b770fe26af30776875c9c34ebf1e8183190237133dee2d8b4e5697228f142b87f0e94270e8a945be4265c68a559811d1f7f842017300db9e8612c7691da8
SSDEEP

3072:S1QtmSPBeoes8EuG3JH/JFQWIz0lKMMiU1m9:Smwa8dG5H3TKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16206b225b337a72f2e55fbee00d2bb6_JaffaCakes118

Files

16206b225b337a72f2e55fbee00d2bb6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5e315addd1377bb157c1feb94e06d57

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

CloseServiceHandle
ControlService
StartServiceA
QueryServiceStatus
InitializeSecurityDescriptor
DeleteService
CreateServiceA
AdjustTokenPrivileges

ole32

WriteFmtUserTypeStg
ReleaseStgMedium
ProgIDFromCLSID
OleSetClipboard
OleLockRunning
OleInitialize
OleGetClipboard
CreateOleAdviseHolder
CoUninitialize
CoTaskMemFree
WriteClassStm
CoRegisterClassObject
CoInitialize
CoGetMalloc
CLSIDFromString

user32

SetCursor
MessageBeep
LoadCursorA
IsCharUpperA
IsCharLowerA
EndDeferWindowPos
DrawTextA
DrawMenuBar
DestroyCursor
CreateDialogIndirectParamA
CreateDesktopW
CopyImage
CharLowerA

shell32

SHGetFileInfoA
SHFileOperationA
SHBindToParent
SHGetMalloc

shlwapi

SHAutoComplete
StrChrA
StrStrIA
PathFindFileNameA
PathFindExtensionA
PathFileExistsA
PathCompactPathExA
PathCanonicalizeA
PathAppendA
PathUnquoteSpacesA
PathMatchSpecA
PathIsRootA
PathIsRelativeA
PathIsDirectoryA

msvcrt

time
strcmp
memset
__dllonexit
memcpy
malloc
free
_errno

kernel32

lstrcpynA
lstrlenA
lstrcmpA
lstrcatA
SetCurrentDirectoryA
LocalAlloc
LeaveCriticalSection
InitializeCriticalSection
GetVersion
GetStartupInfoA
GetFileSize
FreeResource
ExitThread
ExitProcess
lstrcpyA

Exports

Exports

Bdg
Dkt
Ems
Iat
Nyn
Ocs
Rla
Tcl
Uby
Wmr

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5e315addd1377bb157c1feb94e06d57

Headers

File Characteristics

Imports

oleaut32

advapi32

ole32

user32

shell32

shlwapi

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 31KB - Virtual size: 32KB

.data Size: 24KB - Virtual size: 28KB

.idata Size: 3KB - Virtual size: 4KB

.rsrc Size: 24KB - Virtual size: 28KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 31KB - Virtual size: 32KB

.data
Size: 24KB - Virtual size: 28KB

.idata
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 24KB - Virtual size: 28KB