Static task
static1
Behavioral task
behavioral1
Sample
d399245c267e70cb685f840d750a1a43_JaffaCakes118.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
d399245c267e70cb685f840d750a1a43_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
d399245c267e70cb685f840d750a1a43_JaffaCakes118
Size
302KB
MD5
d399245c267e70cb685f840d750a1a43
SHA1
68f47faf211ce901d595e2b84cd25d9b3ea627e9
SHA256
f1127e3fbde46460c0f4158d4594467d5aa60e5a9f296a7ee5cb2a54229fa8bd
SHA512
418461e098b132bca3cf6750f35eba7d6036167ba40b80c24a02136faaa32be312cf128a57b3d62804975b885982b5dc5354e3462963b46eadf87174c91861af
SSDEEP
6144:Ja9NFt1kJ3Bod/sc84LRabzGoFsYuc+6H3Gu1VPzphKJIJhrxLbnXKKV:Ja9Hi3Bod/sc8yafXFsf2XXzvfNbn6K
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d399245c267e70cb685f840d750a1a43_JaffaCakes118
Files
d399245c267e70cb685f840d750a1a43_JaffaCakes118.exe windows:4 windows x86 arch:x86
866c2202c21d4eb2ceb64eb46b3bcae8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharNextW
GetDC
DestroyIcon
CharUpperW
PeekMessageW
MessageBeep
GetMessageW
GetMenuItemInfoA
OffsetRect
CharPrevA
LoadMenuA
SetCapture
LoadBitmapA
CreateAcceleratorTableA
CharUpperA
ole32
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoTaskMemFree
StringFromCLSID
CoCreateInstance
kernel32
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
LoadResource
RaiseException
LeaveCriticalSection
IsProcessorFeaturePresent
GlobalUnlock
GetProcessHeap
EnterCriticalSection
GetSystemTimeAsFileTime
GlobalAlloc
lstrlenW
GlobalSize
HeapFree
FindResourceExW
GlobalFree
FindResourceW
GetCurrentDirectoryW
HeapDestroy
IsDBCSLeadByteEx
SwitchToThread
GetFullPathNameW
LockResource
GlobalReAlloc
CreateFileW
UnhandledExceptionFilter
FreeLibrary
IsDebuggerPresent
OutputDebugStringW
GlobalLock
SetThreadLocale
GetTempFileNameW
GetModuleHandleW
HeapReAlloc
CloseHandle
CopyFileW
DeleteFileW
SizeofResource
HeapAlloc
GetThreadLocale
HeapSize
GetCurrentThreadId
GetFileSize
DeleteCriticalSection
ReadFile
GetStartupInfoA
VirtualAlloc
oleaut32
VariantInit
SafeArrayDestroy
SysFreeString
SafeArrayLock
RegisterTypeLi
SysStringByteLen
SafeArrayGetVartype
SafeArrayGetLBound
SysStringLen
LoadRegTypeLi
SysAllocStringLen
UnRegisterTypeLi
VarBstrCat
VarBstrCmp
LoadTypeLi
GetErrorInfo
SafeArrayGetUBound
SafeArrayUnlock
VariantClear
SysAllocStringByteLen
SysAllocString
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
shlwapi
PathFindFileNameW
PathRenameExtensionW
PathCombineW
PathFindExtensionW
PathCanonicalizeW
PathRemoveFileSpecW
PathIsURLW
PathRemoveExtensionW
PathStripToRootW
PathIsRelativeW
PathFileExistsW
gdi32
GetClipBox
cmutil
CmEndOfStrW
CmStrStrW
GetOSBuildNumber
CmStrTrimW
CmAtolA
CmWinHelp
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 261KB - Virtual size: 464KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ