3e29fb085c801700777b81e4b7ddbe3f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e29fb085c801700777b81e4b7ddbe3f_JaffaCakes118
Size

68KB
MD5

3e29fb085c801700777b81e4b7ddbe3f
SHA1

654fee427c8ec279aa0e18139ee956efa058b62a
SHA256

06c6f3fe4ab8e3ab412986bc1c060864b48df7a3614ade3001c8252a0aaaae2b
SHA512

bd0a51560544899d54538559d6d27a4cdbc9e618631fdcc1534a04a8824574132cfe0a18f1a2717f5fe12a9da84311229e675f883bccaafd5b4edce68b0d97d9
SSDEEP

1536:WUkecUvI3/FSvc6A12oPmxGIzP/d/y/3kKAgo3LG6Lpu:bb60A12oexGIzP/p37L1Lp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e29fb085c801700777b81e4b7ddbe3f_JaffaCakes118

Files

3e29fb085c801700777b81e4b7ddbe3f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ca16406a9d2ad9ade05fe97c1d826d33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetErrorMode
GetPrivateProfileStringW
WriteFile
GlobalUnlock
LoadLibraryExW
GetSystemTimeAsFileTime
DeleteFileW
GetTempFileNameW
GetEnvironmentVariableW
GlobalSize
GlobalReAlloc
LoadResource
FreeLibrary
EnumResourceNamesW
GetWindowsDirectoryW
GetLastError
MoveFileW
GetDriveTypeW
MulDiv
WritePrivateProfileStringW
WinExec
ExitProcess
GetStartupInfoW
GetCommandLineW
LoadLibraryW
GetThreadLocale
FindResourceW
LockResource
FreeResource
LocalFree
CreateFileW
ReadFile
SetFilePointer
MultiByteToWideChar
ExpandEnvironmentStringsW
GetModuleHandleW
GetProcAddress
SetLastError
FindFirstFileW
FindClose
SearchPathW
Sleep
GlobalAlloc
CreateProcessW
CloseHandle
GetPrivateProfileSectionW
GlobalLock
lstrcmpW
GlobalFree
lstrcpyW
lstrcatW
lstrcmpiW
lstrcpynW
lstrlenW
lstrlenA
GetModuleFileNameW
LocalAlloc
RemoveDirectoryW
SetFileAttributesW

gdi32

GetDeviceCaps
GetTextExtentPointW
GetTextExtentExPointW

user32

DdeClientTransaction
wsprintfW
LoadStringW
GetWindow
CharNextW
SetPropW
DdeQueryNextServer
GetPropW
FindWindowW
GetClassNameW
DdeConnectList
DdeCreateStringHandleW
GetDesktopWindow
DdeFreeStringHandle
DdeUninitialize
DdeInitializeW
SetForegroundWindow
CopyRect
DdeDisconnectList
LookupIconIdFromDirectory
CreateDialogParamW
EnableMenuItem
GetSystemMenu
GetDC
DestroyWindow
GetClientRect
SendDlgItemMessageW
DispatchMessageW
SystemParametersInfoW
LoadCursorW
SetCursor
GetLastActivePopup
wvsprintfW
GetSystemMetrics
PeekMessageW
MessageBoxW
GetDlgItem
SetDlgItemTextW
ReleaseDC

advapi32

RegQueryValueW
RegEnumKeyExW
RegCloseKey
RegSetValueW
RegOpenKeyW
RegEnumValueW
RegCreateKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueExW
RegOpenKeyExW

comctl32

ord328
ord334
ord365
ord320
ord321
ord326
ord323
ord73
ord236
ord358
ord235
ord324
ord17
ord332

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ord163
ord171
ord63
SHGetSpecialFolderLocation
ord23
ord128
ord25
ord155
ord157
SHGetPathFromIDListW
ShellExecuteExW
ord96
ord195
ord33
ord196
FindExecutableW
ord29
ord37
ord31
SHChangeNotify
ord32
ord39
ord175
ord57
ord49
ord45
ord36
ord119
ord58
ord165
ord56
ord51
ord52
ord79
ord164
SHAddToRecentDocs
ord64
ord89
ord35
ord34
ord94

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca16406a9d2ad9ade05fe97c1d826d33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

comctl32

version

shell32

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 592B

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 592B

.rsrc
Size: 33KB - Virtual size: 33KB