29dea566d77ccde02251108c7684b010_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29dea566d77ccde02251108c7684b010_JaffaCakes118
Size

284KB
MD5

29dea566d77ccde02251108c7684b010
SHA1

38f30337f34c3e9f444d53fc3fa99efa3cbc11fc
SHA256

6523eeb4ba8caa41818267384106d7c3a055c667a99eec5c4c3957cb19a26a9a
SHA512

9a6180c5e210c09a5201fcbe6a9ead29dc32864925b33d037698b16be8bd2e0d9b260eff768446561af7f5aeabdc65b6005bf1d48b63ce2b0105782ce31c1cca
SSDEEP

6144:pIWJbkFxexS4eGDoKP2jVQPR7MvocDwd:hnxS4Foha57Mvo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29dea566d77ccde02251108c7684b010_JaffaCakes118

Files

29dea566d77ccde02251108c7684b010_JaffaCakes118
.exe windows:4 windows x86 arch:x86

abdba5ff7e310e9a50085b82a42c3e2b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

backfman.pdb

Imports

kernel32

CompareStringW
SetFileAttributesW
GetVolumePathNameW
VirtualAlloc
GetProcessPriorityBoost
CloseHandle
QueueUserAPC
LoadLibraryExA
InterlockedCompareExchange
GetPrivateProfileIntA
EnumTimeFormatsW
GetPrivateProfileSectionNamesA
ReleaseMutex
CreateFileW
HeapQueryInformation
FindNextVolumeMountPointW
GlobalFree
SetThreadAffinityMask
EnumUILanguagesW
BeginUpdateResourceA
GlobalAddAtomA
IsValidLocale
PrepareTape
GetPrivateProfileSectionW
GetProcessIoCounters
GetDateFormatA
GetSystemTimeAsFileTime

user32

LockWorkStation
GetWindowInfo
GetKeyboardLayoutList
GetClipboardData
FindWindowExW
ReleaseDC
TrackPopupMenu
EqualRect
DrawIconEx
GetWindowRect
keybd_event
LookupIconIdFromDirectory
LoadImageA

ole32

HACCEL_UserSize
CreateBindCtx
OleBuildVersion
STGMEDIUM_UserSize
CoGetCallContext
CoEnableCallCancellation
CoRegisterChannelHook
CoLoadLibrary
OleConvertIStorageToOLESTREAMEx
OleCreateDefaultHandler

advapi32

AddAccessAllowedObjectAce
ControlService
EqualSid
GetServiceDisplayNameW
SetFileSecurityA
ReadEncryptedFileRaw
RegOpenUserClassesRoot
CloseEventLog
LookupPrivilegeDisplayNameA
BackupEventLogW
RegQueryValueA
CreateRestrictedToken
DecryptFileW
SetThreadToken
GetUserNameA
GetSidSubAuthorityCount
EncryptFileA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
GetFileSecurityA
LookupPrivilegeValueA
AddAuditAccessAce
ObjectPrivilegeAuditAlarmA
ObjectOpenAuditAlarmW

ws2_32

WSAGetLastError

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abdba5ff7e310e9a50085b82a42c3e2b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

advapi32

ws2_32

Sections

.text Size: 241KB - Virtual size: 241KB

.data Size: 9KB - Virtual size: 11KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 241KB - Virtual size: 241KB

.data
Size: 9KB - Virtual size: 11KB

.rsrc
Size: 32KB - Virtual size: 32KB