2ab1777dddc1c4bf39a414e58044ced4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ab1777dddc1c4bf39a414e58044ced4_JaffaCakes118
Size

171KB
MD5

2ab1777dddc1c4bf39a414e58044ced4
SHA1

f44c47780170dc72aaf87ecec83ae312cb987f2c
SHA256

ceba138141fe9e1c94d4b86891425b59c6b61c7be3a147a083ac1c0787ec9178
SHA512

fb1d6535ea3ad8c80afcb90ac70a4bb5ae2ca88a0c4c14418b912bc48f8cf162451f87bdf4dc8270a96efa398f6ad1cccfd9595ca0f4baf8fe84936c5a02d956
SSDEEP

3072:g6TTH0FYIYksEEWzW+dNGW0NLuxeqxFUQ3QT2UxLekclM9S7:g6TTUwkeWi+KW0pu0qMIQT2lkd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ab1777dddc1c4bf39a414e58044ced4_JaffaCakes118

Files

2ab1777dddc1c4bf39a414e58044ced4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c95cf88903ecc2e9cffe4eb0ab20e807

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetOEMCP
GetSystemDefaultLangID
ResetEvent
CloseHandle
WriteFile
ExitProcess
VirtualAllocEx
LoadResource
lstrlenA
LocalAlloc
LoadLibraryA
ExitThread
GetVersionExA
lstrcpynA
GetCurrentProcess
SizeofResource

advapi32

RegQueryValueExA

gdi32

CreateDIBSection
CreateBitmap
SetPixel
CreateBrushIndirect
SelectPalette
GetClipBox
BitBlt

user32

SetCursor
LoadStringA
PostQuitMessage
DefMDIChildProcA
SetWindowsHookExA
IsWindow
GetActiveWindow
IsWindowVisible
CharNextA
EqualRect
CreatePopupMenu
GetSysColorBrush
SystemParametersInfoA
SetClipboardData
CharToOemA
GetWindow
IsRectEmpty
GetScrollPos
GetFocus
OemToCharA
MessageBeep
CallWindowProcA
GetClassInfoA
SendMessageW

oleaut32

SafeArrayCreate
RegisterTypeLib
SysStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayUnaccessData
SysReAllocStringLen
SafeArrayPtrOfIndex

version

VerQueryValueA
GetFileVersionInfoSizeA

shell32

SHGetFolderPathA
DragQueryFileA
SHFileOperationA
SHGetDiskFreeSpaceA
SHGetSpecialFolderLocation

comctl32

ImageList_Read
ImageList_Add
ImageList_Remove
ImageList_GetBkColor
ImageList_Create
ImageList_Draw
ImageList_Destroy
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_Write

comdlg32

GetFileTitleA
FindTextA
GetOpenFileNameA
GetSaveFileNameA

Sections

CODE
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 143KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c95cf88903ecc2e9cffe4eb0ab20e807

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

oleaut32

version

shell32

comctl32

comdlg32

Sections

CODE Size: 15KB - Virtual size: 14KB

.data Size: 143KB - Virtual size: 258KB

DATA Size: 3KB - Virtual size: 2KB

.tls Size: 9KB - Virtual size: 9KB

CODE
Size: 15KB - Virtual size: 14KB

.data
Size: 143KB - Virtual size: 258KB

DATA
Size: 3KB - Virtual size: 2KB

.tls
Size: 9KB - Virtual size: 9KB