3da5a27c484a248682bf3249d57dc030_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3da5a27c484a248682bf3249d57dc030_JaffaCakes118
Size

230KB
MD5

3da5a27c484a248682bf3249d57dc030
SHA1

0ac328ed4ad5b9261c7093c7e9264268d441e26a
SHA256

dad338ccc1d221f2e3c9e2d4828a77d03947eb5975b0c2e1432fa1bb39fa73ac
SHA512

77f44c7822dcc522d6f7d3948ec822637e4213d768af48d5f700a6841c49f5d0538c0202bbf264b9bcfbe0e36b5833db2f6943fe88123c8e66ea4a29736c5472
SSDEEP

6144:koNH0fIgmUfB3hr0dlFOsZuc4Cp1RKgVBkQsg:10fZhr05HZuFCpdkQs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3da5a27c484a248682bf3249d57dc030_JaffaCakes118

Files

3da5a27c484a248682bf3249d57dc030_JaffaCakes118
.dll windows:4 windows x86 arch:x86

cda7e6fe53fed92f9b49ecd7a00a75be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

ChooseColorA
GetFileTitleA
GetOpenFileNameA
FindTextA
GetFileTitleA
GetOpenFileNameA
FindTextA
GetSaveFileNameA
ChooseColorA

ole32

CoDisconnectObject
CreateOleAdviseHolder
CoReleaseMarshalData
OleCreateStaticFromData
CoGetContextToken
CoGetObjectContext

gdi32

LineTo
CreateDIBitmap
GetCurrentPositionEx
CreateCompatibleBitmap
RestoreDC

user32

BeginPaint
AdjustWindowRectEx
CallNextHookEx

msvcrt

wcschr
wcscspn
wcstol
rand

kernel32

VirtualAlloc
GetVersionExA
GetProcAddress
Sleep
ExitThread
GetModuleHandleW
IsBadHugeReadPtr
GetModuleHandleA
LocalAlloc
ExitProcess
CloseHandle
LoadLibraryA
lstrlenA

version

VerFindFileA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA

oleaut32

SysAllocStringLen
VariantChangeType
VariantCopyInd
SafeArrayUnaccessData
SafeArrayCreate
OleLoadPicture
SafeArrayGetElement
SafeArrayPtrOfIndex

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA

shlwapi

SHQueryInfoKeyA
PathFileExistsA

comctl32

ImageList_GetBkColor
ImageList_Write
ImageList_Add
ImageList_DrawEx
ImageList_Draw
ImageList_Create
ImageList_Remove
ImageList_Destroy
ImageList_DragShowNolock
ImageList_Read
ImageList_DragShowNolock
ImageList_Draw
ImageList_Create
ImageList_Write
ImageList_DrawEx
ImageList_Destroy
ImageList_Add
ImageList_Read

shell32

Shell_NotifyIconA
SHGetDesktopFolder
DragQueryFileA

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ddata
Size: 512B - Virtual size: 291B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cda7e6fe53fed92f9b49ecd7a00a75be

Headers

File Characteristics

Imports

comdlg32

ole32

gdi32

user32

msvcrt

kernel32

version

oleaut32

advapi32

shlwapi

comctl32

shell32

Sections

.text Size: 59KB - Virtual size: 59KB

.rdata Size: 1024B - Virtual size: 100KB

.data Size: 6KB - Virtual size: 6KB

.ddata Size: 512B - Virtual size: 291B

.cdata Size: 153KB - Virtual size: 152KB

.gdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 980B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 59KB - Virtual size: 59KB

.rdata
Size: 1024B - Virtual size: 100KB

.data
Size: 6KB - Virtual size: 6KB

.ddata
Size: 512B - Virtual size: 291B

.cdata
Size: 153KB - Virtual size: 152KB

.gdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 980B

.reloc
Size: 2KB - Virtual size: 1KB