37b52796be38caddc59cc4e8723603ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37b52796be38caddc59cc4e8723603ca_JaffaCakes118
Size

22KB
MD5

37b52796be38caddc59cc4e8723603ca
SHA1

d047cdf60dc5fd891812fceb79759ff6185094ab
SHA256

db5074b5a958ccbf7ffd61d74636cfdce5423ffa72e44d7048f5ed0442849e9e
SHA512

a8d5260dd78b7e80d4988d9bb3cb527248a10f70f43e75ceb831af11054159585a6fa7dd1a461eb74b57e30a5e6035a6cb82bdfd8a82399e99a87e32a228cdf1
SSDEEP

384:vpwBFniqQuNy6p72Ijhpv7/eJpjH+wwc68012BV:vpAFiqQuCwz/CyLf1a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b52796be38caddc59cc4e8723603ca_JaffaCakes118

Files

37b52796be38caddc59cc4e8723603ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

183ed5e22256981563e3f56d048f39b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

CreateStubFromTypeInfo
MesEncodeFixedBufferHandleCreate
NDRSContextMarshall
NDRSContextMarshallEx
DllGetClassObject
NDRCContextBinding
MesHandleFree
NdrClientInitialize
DllRegisterServer
MesDecodeIncrementalHandleCreate
NdrByteCountPointerFree
NdrByteCountPointerUnmarshall
MesBufferHandleReset
NdrAllocate
NDRCContextMarshall
NdrByteCountPointerBufferSize
MesInqProcEncodingId
DceErrorInqTextW
NDRcopy
NdrConformantStructBufferSize
NdrAsyncServerCall
NdrAsyncClientCall
CStdStubBuffer_CountRefs
MesIncrementalHandleReset

shell32

IsNetDrive
DllGetVersion
RestartDialog
SHGetSetSettings
SHCoCreateInstance
PathQualify
DllRegisterServer
DllGetClassObject
DriveType
DAD_DragEnterEx
SHChangeNotifyDeregister
DAD_DragMove
Shell_GetImageLists
DAD_DragLeave
DllCanUnloadNow
GetFileNameFromBrowse
SHChangeNotifyRegister
Shell_MergeMenus
PifMgr_OpenProperties
DllInstall
SHILCreateFromPath
PathResolve
DragFinish
DllUnregisterServer
PickIconDlg
DragAcceptFiles
SHStartNetConnectionDialogW
SHDefExtractIconW
IsLFNDrive

kernel32

lstrcatW
IsBadCodePtr
GetFullPathNameW
ExpandEnvironmentStringsA
RemoveDirectoryW
OpenProcess
CreateDirectoryA
LockResource
VirtualAlloc
WriteConsoleW
ResumeThread
GetTempPathA
FindResourceA
SetFileAttributesA
CopyFileW
AddAtomW
GetLastError
VirtualFree
RaiseException
CloseHandle
GetCurrentDirectoryW
DeviceIoControl
SetThreadPriority
LoadResource
IsDBCSLeadByte
ReleaseSemaphore
LoadLibraryExA
GetCurrentProcess
CreateFileMappingW
SizeofResource
FileTimeToLocalFileTime
GetCommandLineW
IsValidCodePage
GetWindowsDirectoryW
ExitProcess
CreateMutexW
OutputDebugStringW
CreateFileMappingA
GetComputerNameW
CreateProcessW

advapi32

AllocateAndInitializeSid
RegOpenKeyExA
RegDeleteValueW
RegDeleteKeyW
CloseServiceHandle
RegEnumValueW
RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
OpenProcessToken
RegCreateKeyExW
RegDeleteKeyA
RegQueryValueExA
RegEnumKeyExW
RegCreateKeyExA
GetTokenInformation
RegEnumKeyExA
OpenThreadToken
RegDeleteValueA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW

user32

SendMessageW
LoadStringA
MessageBoxA
UpdateWindow
GetDC
GetDlgItem
GetSystemMetrics
EnableWindow
SetCursor
BeginPaint
SetFocus
CharNextW
SetWindowLongA
EndPaint
GetWindowLongW
PostQuitMessage
LoadStringW
DefWindowProcA
GetParent
GetWindowLongA
InvalidateRect
IsWindow
TranslateMessage
GetClientRect
CharNextA
DispatchMessageA
wsprintfA
EndDialog
ReleaseDC
DestroyWindow
GetSysColor
wsprintfW
GetWindowRect
MessageBoxW
CreateWindowExA

oleaut32

SafeArrayCreate
RegisterTypeLib
VariantCopy
SysReAllocStringLen
VariantChangeType
SafeArrayPtrOfIndex
LoadTypeLib
VariantCopyInd
SafeArrayPutElement
SafeArrayAccessData
SafeArrayGetElement
CreateErrorInfo
VariantChangeTypeEx
VariantClear
SysFreeString
SetErrorInfo
SysStringByteLen
SysAllocStringLen
SafeArrayGetLBound
SysAllocStringByteLen
OleLoadPicture
VariantInit
LoadTypeLibEx
SafeArrayUnaccessData
SafeArrayGetUBound
GetActiveObject

olecli32

OleLockServer

Sections

.textbss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.debug
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

183ed5e22256981563e3f56d048f39b1

Headers

File Characteristics

Imports

rpcrt4

shell32

kernel32

advapi32

user32

oleaut32

olecli32

Sections

.textbss Size: - Virtual size: 12KB

.data Size: 1KB - Virtual size: 1KB

.debug Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.text Size: 512B - Virtual size: 440B

.rsrc Size: 3KB - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 12KB

.textbss
Size: - Virtual size: 12KB

.data
Size: 1KB - Virtual size: 1KB

.debug
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.text
Size: 512B - Virtual size: 440B

.rsrc
Size: 3KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 12KB