415a188d010138b3e9ce533aeb413a93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

415a188d010138b3e9ce533aeb413a93_JaffaCakes118
Size

136KB
MD5

415a188d010138b3e9ce533aeb413a93
SHA1

4c59571ab7c51f85d7f4838d00981ffc9b7e9c0a
SHA256

ddd2e7e01996a283eb4008defa774418010736dc25878fe3ccfd296e00816467
SHA512

71ff35a0e85f90b53f87520064afeb775bab56f7d3c41564b254e9d15d91212a9d4a363f721a1108e54f35f0222ab6c2f482c137377b63a6db6b89958467e5d5
SSDEEP

3072:UiOo1PbdJM0mh8O1YeCIGki0vdbsVHniEtVi3ImxqIabuaGEF+pf:rV+8GG/0vdUH2p2bzGEF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
415a188d010138b3e9ce533aeb413a93_JaffaCakes118

Files

415a188d010138b3e9ce533aeb413a93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c98ce082b178a2e17fc891bdf9668a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_vsnwprintf

shlwapi

StrDupA
ord29
StrCmpW

shell32

ord165
SHCreateShellItem
SHGetSpecialFolderLocation

ws2_32

WSAStartup
WSAGetLastError
setsockopt
WSACleanup
WSASetLastError

kernel32

lstrcpyW
GlobalMemoryStatus
GetModuleHandleExA
FindResourceW
FreeLibrary
LoadResource
SystemTimeToFileTime
GlobalSize
SetEvent
GetProcessHeap
GlobalFindAtomA
SetNamedPipeHandleState
GetTimeZoneInformation
GetFileSizeEx
GetStdHandle
FindFirstFileA
GetProcessHeaps
SetStdHandle
GlobalFree
ResetEvent
FindNextFileA
GetFileTime
GetVersion
LocalFree
GlobalReAlloc
lstrcpyA
GetSystemInfo
GetProcAddress
FindResourceExA
GetSystemDirectoryA
WaitForMultipleObjects
GetModuleHandleW
GetFileInformationByHandle
HeapDestroy

user32

DrawTextExW
IsWindowEnabled
GetMessageExtraInfo
GetWindowDC
SetWindowRgn
GetWindowTextLengthW
EndPaint
MoveWindow
IsCharAlphaNumericA
SetClipboardData
UpdateWindow
ChangeClipboardChain
GetWindowPlacement
BeginPaint
MessageBoxIndirectA
ScreenToClient
ClientToScreen
TranslateAcceleratorA
RedrawWindow
DestroyCursor
LoadAcceleratorsA
FindWindowExW
CreateWindowExW
SwitchToThisWindow
GetMessagePos
GetWindowLongW
GetClassWord
GetDC
TranslateMessage
LockWindowUpdate
ScrollDC
CreateIconIndirect
PeekMessageA
LoadCursorA
DispatchMessageW

gdi32

GetObjectW
CreateCompatibleDC
DescribePixelFormat
LPtoDP
GetDCPenColor
GetCharWidthA
Chord
GetStretchBltMode
DeleteObject
UnrealizeObject
GetDeviceCaps
RestoreDC
GetObjectType
GetRasterizerCaps
GetStockObject
SetTextJustification

advapi32

CloseEncryptedFileRaw
WriteEncryptedFileRaw
ObjectPrivilegeAuditAlarmA
ObjectCloseAuditAlarmA
AdjustTokenGroups
PrivilegeCheck
AccessCheckAndAuditAlarmA
SetTokenInformation

Exports

Exports

_Copy_Handle_Information@20
_Find_HandleByType@8
_Get_TypeName_FromList@8
_Get_Type_Name_InList@12
_Update_HandleByType@4

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c98ce082b178a2e17fc891bdf9668a0

Headers

File Characteristics

Imports

ntdll

shlwapi

shell32

ws2_32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.code Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.edata Size: - Virtual size: 160B

DATA Size: 512B - Virtual size: 96B

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 676B

.text
Size: 8KB - Virtual size: 8KB

.code
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.edata
Size: - Virtual size: 160B

DATA
Size: 512B - Virtual size: 96B

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 676B