9311b14b478c3c60e04e806960c58f73_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9311b14b478c3c60e04e806960c58f73_JaffaCakes118
Size

174KB
MD5

9311b14b478c3c60e04e806960c58f73
SHA1

3a19ecc1dce54ffd892f9ce900482f1df9198f14
SHA256

17664145227c0fd867345333448b0f13228d2214c2e7299918aa133e28e1c5db
SHA512

766740b601c2ac935ce354318672b50ec9669a7fa377df0030da3aebdd24e961d0ac7c0ab30bbbbed1bb14423d7a5bf6e821a462a7417cce301d6273532f1836
SSDEEP

3072:epzzsJBolVdQbqRiicVMRzuEWmRlp5hRCsRpX04bvbNjdP4a5ZDOWC:m/eBoHdQbqRpcVMNufmRl2cpX04vNjhu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9311b14b478c3c60e04e806960c58f73_JaffaCakes118

Files

9311b14b478c3c60e04e806960c58f73_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4eef1ece47f373f656d7ca52878be945

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCalendarInfoW
SetFilePointer
lstrcpyW
FindClose
MoveFileW
GetFileAttributesW
LocalFileTimeToFileTime
FindNextFileW
DeleteFileW
GetCurrentProcessId
GetLocaleInfoW
CreateDirectoryW
WideCharToMultiByte
SystemTimeToFileTime
GetVersion
ReadFile
GetCurrentDirectoryW
FindFirstFileW
EnumResourceNamesA
SetFileTime
EnumResourceLanguagesW
GetSystemDefaultLangID
WriteFile
GetModuleFileNameW
InterlockedDecrement
ExitProcess
CreateFileW
MultiByteToWideChar
LoadLibraryW
RemoveDirectoryW
ConvertDefaultLocale
GetProcAddress

gdi32

GetStockObject
OffsetViewportOrgEx
GetMapMode
TextOutW
SelectObject
GetBkColor
ExtTextOutW
GetTextColor
ScaleWindowExtEx
ScaleViewportExtEx
Escape
SetWindowExtEx
GetDeviceCaps
DeleteDC
PtVisible
SetViewportOrgEx
ExtSelectClipRgn
RectVisible
GetRgnBox

ole32

CoFreeUnusedLibraries
OleIsCurrentClipboard
CoTaskMemAlloc
OleUninitialize
CLSIDFromProgID
CoRetireServer
CoInitialize
CoGetClassObject
CoUninitialize
OleInitialize
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoRevokeClassObject
CreateILockBytesOnHGlobal
OleFlushClipboard
CoCreateInstance
CoTaskMemFree
CLSIDFromString

oleacc

LresultFromObject
CreateStdAccessibleObject

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathFindFileNameW
PathAppendW

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueW
RegQueryValueExW

user32

InvalidateRgn
SetPropW
SetRect
InvalidateRect
CharUpperW
CreateWindowExW
CharNextW
GetClassInfoExW
RemovePropW
GetNextDlgGroupItem
GetClassLongW
IsRectEmpty
GetPropW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
MessageBeep
CopyAcceleratorTableW
GetNextDlgTabItem
DestroyMenu

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4eef1ece47f373f656d7ca52878be945

Headers

File Characteristics

Imports

kernel32

gdi32

ole32

oleacc

shlwapi

advapi32

user32

shell32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 3KB

.bss Size: 67KB - Virtual size: 67KB

.edata Size: 1024B - Virtual size: 96KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 3KB

.bss
Size: 67KB - Virtual size: 67KB

.edata
Size: 1024B - Virtual size: 96KB