3e693cad56b93a95ba968caa54624508_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e693cad56b93a95ba968caa54624508_JaffaCakes118
Size

701KB
MD5

3e693cad56b93a95ba968caa54624508
SHA1

b0ad6fa7427df47eb99cafe130091634dcc07680
SHA256

59ee6c4945b92474f4ac8d9f6f11e24cca9178edd991612e665b75efc00ddf8f
SHA512

98101aa6edf625164aaba069d476042394384346696f135972a9185a3f5bf208174a9d55b56264c34e69ee53377be24f69f2e24222184af733207a1f0f9960fd
SSDEEP

12288:Dx5N1Ice+aHQsUDL6GjAFL2nmIQ3byT5Q5a+Kodv2bT:DTnafwsM6Gs2mIZsvdaT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e693cad56b93a95ba968caa54624508_JaffaCakes118

Files

3e693cad56b93a95ba968caa54624508_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6d14fc6c3d4e5ef1f4be909fe75752e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CoInitializeSecurity
CoCreateFreeThreadedMarshaler
StgOpenStorageEx
ReleaseStgMedium
CoUnmarshalInterface
OleGetClipboard
OleCreateLinkFromData
CoWaitForMultipleHandles
CreateBindCtx
OleCreateFromFile
OleFlushClipboard
OleTranslateAccelerator
STGMEDIUM_UserFree

crypt32

CertVerifyCTLUsage

shlwapi

PathRemoveBackslashA
UrlUnescapeA
SHGetValueW
StrCmpW
PathCreateFromUrlA
PathIsSystemFolderW
PathUndecorateW
PathFindExtensionW
PathIsFileSpecW
SHSetValueA
PathAddBackslashW
SHRegGetBoolUSValueA
AssocCreate
SHRegSetPathW
PathGetDriveNumberA
UrlCanonicalizeW

msvcrt

_ltoa
wcsrchr
strcspn
_itoa
iswalpha
_CxxThrowException
??_V@YAXPAX@Z
_putws
exit
??2@YAPAXI@Z
_ftol
localeconv
_getch
_wpopen
??3@YAXPAX@Z
_mbsinc
_mbsdec
_CIsinh
_wcsdup
__initenv
__toascii
_wfindnext64

imagehlp

ImageDirectoryEntryToData
ImageLoad
ImageEnumerateCertificates
CheckSumMappedFile
ImageRvaToVa
SymInitialize
ImageNtHeader
ImageUnload
ImageRvaToSection
EnumerateLoadedModules64
SymSetOptions
ImageGetCertificateData

user32

ValidateRect
GetDesktopWindow
CharLowerA
PackDDElParam
CharUpperBuffW
SendMessageW
RegisterWindowMessageW
SetWindowsHookExW
GetCaretPos
LoadStringA
CloseDesktop
InvalidateRgn
GetCursorInfo
InflateRect
SetWindowTextA
CreateIconFromResource
UnregisterDeviceNotification
GetMenuInfo
GetClassInfoExW
GetKeyboardLayoutList
CloseWindowStation
MsgWaitForMultipleObjects
UpdatePerUserSystemParameters

kernel32

ConvertDefaultLocale
LocalSize
lstrlenW
CloseProfileUserMapping
GetConsoleMode
GetThreadLocale
GlobalReAlloc
GetFileType
TerminateThread
GetLastError
GetSystemDefaultUILanguage
SetConsoleTextAttribute
GetEnvironmentVariableA
SetFileApisToOEM
WaitForSingleObjectEx
EnumSystemLocalesW
WaitNamedPipeA
PostQueuedCompletionStatus
CreateMutexA
ReleaseMutex
GlobalLock
VirtualAlloc
GetLongPathNameA
DebugBreak
DeleteTimerQueue
UnregisterWaitEx
GetStringTypeExA

winmm

mixerGetLineInfoA
midiOutClose
waveInStart
waveInOpen
waveOutUnprepareHeader
waveInGetID
timeGetDevCaps
mciSetDriverData
midiOutReset
mmioGetInfo
midiOutOpen
waveOutGetVolume
waveInGetDevCapsA
mciSendCommandA
timeGetTime
midiStreamProperty
midiOutGetNumDevs
mmioAscend
mmioSetInfo
midiStreamClose
mixerGetNumDevs
PlaySoundW
waveOutGetNumDevs

advapi32

SetTokenInformation
RevertToSelf
GetSidLengthRequired
DecryptFileW
SetServiceStatus
LsaDelete
AreAllAccessesGranted
RegNotifyChangeKeyValue
ReadEventLogW
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
SystemFunction041
RegSetValueA
QueryServiceLockStatusW
LsaGetUserName
GetSecurityDescriptorOwner
RegQueryValueExA

Sections

.text
Size: 22KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BSS
Size: 260KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 126B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d14fc6c3d4e5ef1f4be909fe75752e2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

crypt32

shlwapi

msvcrt

imagehlp

user32

kernel32

winmm

advapi32

Sections

.text Size: 22KB - Virtual size: 344KB

.rdata Size: 272KB - Virtual size: 456KB

BSS Size: 260KB - Virtual size: 398KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 1024B - Virtual size: 126B

.text
Size: 22KB - Virtual size: 344KB

.rdata
Size: 272KB - Virtual size: 456KB

BSS
Size: 260KB - Virtual size: 398KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 1024B - Virtual size: 126B