41d624fc91ba25d88eb7dca00a141148_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41d624fc91ba25d88eb7dca00a141148_JaffaCakes118
Size

935KB
MD5

41d624fc91ba25d88eb7dca00a141148
SHA1

32063aca7e2d101b03fc9bdf806fd399cb178025
SHA256

e6a3dd3af5e6a8ffe2eaef9bedde3105e602804ce82575edf9d072bb091ec552
SHA512

d6a07f854d190826968d8b21aea1ac857fbe6e2f38d1f761d11a700ea1f94534e0f9d2ffef3c804bb51f205fad759291714598f7e25a7d61c0a7303e874e0163
SSDEEP

12288:exHh2R4gOX6BWzw+gjv/XOnfuKcsLu3tFVJAQglDhf/tZK8htV9mUBHQ2XE:NR4doWzsjWfOsLu3ThkFl0Cz8UBw20

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41d624fc91ba25d88eb7dca00a141148_JaffaCakes118

Files

41d624fc91ba25d88eb7dca00a141148_JaffaCakes118
.exe windows:5 windows x86 arch:x86

51b8a5a36e999d32858dfa7f476143e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

AssocQueryStringW
AssocCreate
SHSetValueW
SHGetValueW
SHDeleteValueW
SHDeleteKeyW
PathCreateFromUrlW
UrlEscapeW
UrlUnescapeW
PathStripToRootW
PathStripPathW
PathSkipRootW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathRemoveBackslashW
PathParseIconLocationW
PathIsURLW
PathIsUNCServerW
PathIsNetworkPathW
PathIsUNCW
PathIsRootW
PathIsDirectoryW
PathFindNextComponentW
PathFindFileNameW
PathFindExtensionW
PathCanonicalizeW
PathAppendW
StrRetToBufW
StrRetToStrW
StrCmpIW
StrCmpW
StrTrimW
StrToIntExW
StrToIntW
StrStrIW
StrStrW
StrPBrkW
StrFormatByteSizeW
StrDupW
StrCmpNIW
StrCmpNW
StrChrIW
StrChrW

comdlg32

CommDlgExtendedError
ChooseFontW
FindTextW
GetSaveFileNameW
PageSetupDlgW

kernel32

GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
GetStringTypeW
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
GetConsoleMode
IsDebuggerPresent
GetOEMCP
GetACP
IsValidCodePage
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
IsProcessorFeaturePresent
CreateFileW
GetProcAddress
VirtualAlloc
GetEnvironmentStringsW
GetLastError
GetFileType
SetEndOfFile
MulDiv
lstrcmpW
GetSystemDirectoryW
CreateDirectoryW
GetFileAttributesW
GetCPInfo
WideCharToMultiByte
WriteFile
GetModuleFileNameW
GetStartupInfoW
DeleteCriticalSection
GetStdHandle
GetProcessHeap
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
GetCurrentThreadId
SetLastError
GetCommandLineW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter

oleaut32

CreateErrorInfo
GetErrorInfo
SetErrorInfo
VarNeg
VarBoolFromStr
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VarR8FromStr
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayGetLBound
SysFreeString

setupapi

CM_Get_Device_IDW
SetupDiCallClassInstaller
SetupDiGetDeviceInstanceIdW
SetupOpenFileQueue
SetupFindFirstLineW

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 751KB - Virtual size: 750KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51b8a5a36e999d32858dfa7f476143e2

Headers

File Characteristics

Imports

shlwapi

comdlg32

kernel32

oleaut32

setupapi

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 751KB - Virtual size: 750KB

.data Size: 12KB - Virtual size: 6.8MB

.rsrc Size: 99KB - Virtual size: 99KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 751KB - Virtual size: 750KB

.data
Size: 12KB - Virtual size: 6.8MB

.rsrc
Size: 99KB - Virtual size: 99KB