3e1db7fd3468cded2187f787b670b7ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e1db7fd3468cded2187f787b670b7ff_JaffaCakes118
Size

2.3MB
MD5

3e1db7fd3468cded2187f787b670b7ff
SHA1

05ca42c9001915baceb1b54c8843d949fda7384e
SHA256

e58e226d50c36681e7db9e7fda58d0058ddc4a81e4b27bc19fec785050d47726
SHA512

a02e82207a725a045c6f2a5af20dceaaff59202b95e8c7897f076fe39c7bc800a610c5400626cac9662808e5bfed37e5efbe6b19c69d7692f99cc1d04a053094
SSDEEP

49152:QMGMjo6sDD56jDJWR6RO61OU1Cy9N3sOCJAv9p34ZCxAUGKA+gKRw+Hk:F9o6KD0JX17PcLJAv92UAmpRw+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e1db7fd3468cded2187f787b670b7ff_JaffaCakes118

Files

3e1db7fd3468cded2187f787b670b7ff_JaffaCakes118
.exe windows:5 windows x86 arch:x86

26fc1bcdd907c402d9d7da5b30059cd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

isdigit
__initenv
wcstoul
_CxxThrowException
_purecall
free
isxdigit
strncmp
_wcsdup
qsort
_XcptFilter
wcstok
_adjust_fdiv
wcscspn
_local_unwind2
_ltoa
_wcsnicmp

rpcrt4

RpcBindingVectorFree
NdrClientCall2
RpcBindingSetAuthInfoExW
RpcStringBindingParseW
RpcStringFreeW
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
NdrServerCall2
RpcImpersonateClient
NdrStubCall2
NdrDllRegisterProxy
CStdStubBuffer_QueryInterface
RpcServerUseProtseqEpW
CStdStubBuffer_Connect
UuidFromStringW
NdrCStdStubBuffer_Release
CStdStubBuffer_Disconnect
RpcBindingFree
RpcBindingToStringBindingW
NdrOleFree
RpcServerInqBindings
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_AddRef
NdrCStdStubBuffer2_Release
RpcServerUnregisterIf
UuidToStringW
IUnknown_QueryInterface_Proxy
CStdStubBuffer_DebugServerQueryInterface

comdlg32

GetOpenFileNameA
PrintDlgA
ChooseColorA
FindTextW
CommDlgExtendedError
PrintDlgExW
GetFileTitleA
PrintDlgW

user32

FillRect
RegisterWindowMessageA
LoadCursorW
CharLowerW
SetWindowPos
LoadBitmapA
GetDC
CreateWindowExA
GetWindowLongA
ReleaseDC
EqualRect
IsIconic
SetWindowRgn
SetCapture
GetSystemMenu
DestroyMenu
GetWindowTextW
SetWindowLongA
GetWindowTextLengthW
KillTimer
CreateDialogParamW
CharNextA
SendMessageA

kernel32

OpenMutexW
UnhandledExceptionFilter
GetExitCodeThread
GetFileSize
GetStdHandle
ExitProcess
GetModuleHandleW
IsBadReadPtr
GetCurrentThreadId
GetModuleHandleA
VirtualAlloc
FindResourceW
LockResource
GetConsoleMode
TlsSetValue
CloseHandle
GetCommandLineW
GetProcessHeap
LoadResource
GetOEMCP
GetFileAttributesA
GlobalUnlock
GetThreadLocale
OpenEventW
GetVersion
GetDriveTypeW
OutputDebugStringA
MultiByteToWideChar
WaitForSingleObject
Sleep
FindClose
OpenEventA
SetFilePointer
GetTickCount
HeapDestroy
GetFileAttributesW
LoadLibraryExW
IsBadWritePtr
QueryPerformanceCounter
WaitForMultipleObjects

version

GetFileVersionInfoA
VerLanguageNameA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueA
VerFindFileW
VerQueryValueW

advapi32

RegisterTraceGuidsW
RegConnectRegistryW
GetLengthSid
RegCreateKeyExA
LsaFreeMemory
LsaOpenPolicy
GetTraceEnableLevel
RegDeleteValueW
DuplicateTokenEx
GetSidSubAuthority
RegSetValueW
GetTokenInformation
DeleteService
LookupPrivilegeValueW
OpenSCManagerA
MakeSelfRelativeSD
ReportEventW
OpenSCManagerW
RevertToSelf
GetUserNameA
RegSetValueExW
LsaClose
SetNamedSecurityInfoW
RegEnumKeyW
GetSecurityDescriptorOwner
RegEnumValueW
RegSetValueExA
GetSidLengthRequired
RegQueryValueA
LsaQueryInformationPolicy

shlwapi

PathFindExtensionW
PathCombineW
PathStripToRootW
StrCmpNIW
AssocQueryStringW
StrRChrW
PathAddBackslashW
StrStrW
PathIsUNCW
PathFindFileNameA
StrToIntW
UrlCanonicalizeW
PathRemoveBackslashW
StrCmpIW
StrCatW
PathGetDriveNumberW
PathRemoveFileSpecA
PathFindExtensionA
StrDupW
StrChrW
PathFileExistsW
StrCmpNIA

comctl32

CreateStatusWindowW

Sections

.tls
Size: 1024B - Virtual size: 997B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 489B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.code
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 1024B - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1024B - Virtual size: 999B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26fc1bcdd907c402d9d7da5b30059cd5

Headers

File Characteristics

Imports

msvcrt

rpcrt4

comdlg32

user32

kernel32

version

advapi32

shlwapi

comctl32

Sections

.tls Size: 1024B - Virtual size: 997B

.edata Size: 512B - Virtual size: 489B

.code Size: 2.2MB - Virtual size: 2.2MB

.bss Size: 1024B - Virtual size: 3.7MB

.CRT Size: 1024B - Virtual size: 999B

.tls Size: - Virtual size: 11KB

.rsrc Size: 98KB - Virtual size: 98KB

.tls
Size: 1024B - Virtual size: 997B

.edata
Size: 512B - Virtual size: 489B

.code
Size: 2.2MB - Virtual size: 2.2MB

.bss
Size: 1024B - Virtual size: 3.7MB

.CRT
Size: 1024B - Virtual size: 999B

.tls
Size: - Virtual size: 11KB

.rsrc
Size: 98KB - Virtual size: 98KB