37bb4cf48ee976a7446d305158ac9956_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

37bb4cf48ee976a7446d305158ac9956_JaffaCakes118
Size

130KB
MD5

37bb4cf48ee976a7446d305158ac9956
SHA1

c226a46b894e40edb22461988711c351bae9f0d1
SHA256

7571153cd79111fc140aca99e7211bcf4c6ae686e9a3dcc652dbb54784dfcd56
SHA512

701b53b62c8699d57534507dbcf655fa27965cea388918208edf5a5d9e0a25f43f41f40031b104ed8d6f9a9c510770420b02df76a09d340de8b91131b85f6d6f
SSDEEP

3072:HqzTHcBKAz5MuwdNp0UcGZTDvzI0/pDszMc/c5TvbX7SYNd/:KzTHX65MuC4UcGxj/ds7E5/XVN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37bb4cf48ee976a7446d305158ac9956_JaffaCakes118

Files

37bb4cf48ee976a7446d305158ac9956_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c154b14b3231e4c7f6ed38ee52cac3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CreateServiceW
ControlTraceA
BuildTrusteeWithNameA
CancelOverlappedAccess
CredRenameW
ConvertSidToStringSidA

rpcrt4

RpcStringFreeW

user32

RemoveMenu
SetCursor
DeleteMenu
LoadStringW
CreatePopupMenu
SetMenuDefaultItem
GetMenuItemCount
DestroyMenu
SendMessageW
LoadMenuW
SetWindowTextW
CharNextW
GetMenuItemInfoW
InsertMenuW
MessageBoxW
RegisterClipboardFormatW
InsertMenuItemW
GetSubMenu
LoadCursorW

msvcrt

malloc
_except_handler3
memmove
_adjust_fdiv
_initterm
free

shlwapi

PathAppendW
StrFormatKBSizeW
StrRetToBufW
PathAddBackslashA
PathFindFileNameW
wnsprintfW
StrCpyNW
PathFindFileNameA
SHStrDupW
PathCombineW
StrCmpNW

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
RtlAddAce

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListA
SHBindToParent
ShellExecuteW
SHGetPathFromIDListW

kernel32

InterlockedDecrement
GetWindowsDirectoryW
lstrlenW
GetProcAddress
LocalFree
GetStartupInfoA
lstrcpynA
GlobalUnlock
_lwrite
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetCurrentProcessId
GlobalHandle
GlobalAlloc
GetSystemTimeAsFileTime
LocalAlloc
GetTempPathW
_llseek
GlobalLock
lstrlenA
GetCurrentThreadId
GetTickCount
lstrcmpW
GlobalFree
GetModuleFileNameW
GetModuleHandleW
CreateFileW
UnhandledExceptionFilter
GetVersionExW
LoadLibraryW
SetThreadPriority
TerminateProcess
QueryPerformanceCounter
FreeLibrary
_lread
GetTempFileNameW
GetSystemDirectoryW
InterlockedIncrement
lstrcpynW
GetShortPathNameW
GetCurrentThread
SetUnhandledExceptionFilter
GetCurrentProcess
lstrcmpiW

ole32

CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoInitializeEx
CoUninitialize
OleSetClipboard

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c154b14b3231e4c7f6ed38ee52cac3e

Headers

File Characteristics

Imports

advapi32

rpcrt4

user32

msvcrt

shlwapi

ntdll

shell32

kernel32

ole32

Sections

.text Size: 109KB - Virtual size: 109KB

.rsrc Size: 106KB - Virtual size: 106KB

.rdata Size: 229KB - Virtual size: 228KB

.data Size: 4KB - Virtual size: 928KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 109KB - Virtual size: 109KB

.rsrc
Size: 106KB - Virtual size: 106KB

.rdata
Size: 229KB - Virtual size: 228KB

.data
Size: 4KB - Virtual size: 928KB

.reloc
Size: 512B - Virtual size: 36B