16ab3322f45ae5bbdbf482829d3ec86c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

16ab3322f45ae5bbdbf482829d3ec86c_JaffaCakes118
Size

26KB
MD5

16ab3322f45ae5bbdbf482829d3ec86c
SHA1

00c9265d2e0aed731315cd62cdd45fcbc4d77bf8
SHA256

ccc1d86b690fa3760625f1b9e745a8a159afa06fe513101750bc5ee8927cc620
SHA512

34cae5ec547510f87d4a989fceea54731671e2233f82c612bc969ab3c7b65d07fd28ecfcec733351df3eb1454520f1710bd7c08ad4b320ae53e97f37bbb5e4bf
SSDEEP

384:u34ILw3hWgcijFWWDTJRJph4aBTb3ODelNbhLow2aCFtCtVgSU9aDkKaDkk99Dwa:ANQYgceMSgW7LL2aC3/7awKawE9wA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ab3322f45ae5bbdbf482829d3ec86c_JaffaCakes118

Files

16ab3322f45ae5bbdbf482829d3ec86c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

781011031cc2d50601c92cbbde13cfb6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHIsLowMemoryMachine
ord16
SHRegCloseUSKey
PathQuoteSpacesW
PathFindFileNameW
SHSetThreadRef
StrChrIW
StrCpyNW
PathRemoveFileSpecW
PathAppendW

imm32

ImmGetConversionListA
ImmGetIMCCLockCount

gdi32

SetTextColor
SetBkMode
SelectPalette
SelectObject
Polyline
GetObjectW
GetDeviceCaps
GetCurrentPositionEx
DeleteObject
CreatePen

kernel32

LoadLibraryW
LocalFree
QueryPerformanceCounter
SetEvent
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
UnmapViewOfFile
lstrcpynW
GetModuleHandleW
CloseHandle
CreateFileMappingW
CreateFileW
CreateProcessW
CreateThread
DeleteCriticalSection
EnterCriticalSection
GetCommandLineW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
LoadLibraryExA
GetProcAddress
GetStartupInfoA
GetTempFileNameW
GetTickCount
GetWindowsDirectoryW
GlobalFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection

shell32

RealShellExecuteExW
DuplicateIcon
DragAcceptFiles
CommandLineToArgvW
SHUpdateRecycleBinIcon

user32

PeekMessageA
CountClipboardFormats

dbghelp

DbgHelpCreateUserDump
MiniDumpReadDumpStream
MiniDumpWriteDump
SymEnumerateModules64
SymGetLineFromAddr64
SymGetOptions
vc7fpo

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

781011031cc2d50601c92cbbde13cfb6

Headers

File Characteristics

Imports

shlwapi

imm32

gdi32

kernel32

shell32

user32

dbghelp

Sections

.text Size: 15KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 3KB

.text
Size: 15KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 3KB