Static task
static1
Behavioral task
behavioral1
Sample
d67eaec6c1a227e6d87f783a586509f2_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d67eaec6c1a227e6d87f783a586509f2_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
d67eaec6c1a227e6d87f783a586509f2_JaffaCakes118
Size
307KB
MD5
d67eaec6c1a227e6d87f783a586509f2
SHA1
f1f3fa6fb253511d6521f712805fbfe1be75ea7f
SHA256
5b01eb0e020d45ae5e32cb467da96fe3628fdf95dfa2bc331b2e318fe6f17143
SHA512
6888c584b9fd90a1dc67157508a93247b61db5aa7e92e925f8f65fcb241e7331f16d06bd31a698e2b650fdb2a6ebe109bea30f78a778a0d5029bd5bf84f93486
SSDEEP
6144:Lw9++bLjS10iDOEhAOlj/uuJudyHj+VABWviGvQx:wvS6iDPNptyVAmQx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d67eaec6c1a227e6d87f783a586509f2_JaffaCakes118
Files
d67eaec6c1a227e6d87f783a586509f2_JaffaCakes118.exe windows:4 windows x86 arch:x86
f3e899f66e75e71255e8b5a50d9ac7f3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
lstrlenW
LeaveCriticalSection
GetProcessHeap
DeleteCriticalSection
CloseHandle
EnterCriticalSection
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetFileInformationByHandle
LockResource
FindResourceW
RaiseException
GetCurrentThreadId
HeapSize
CompareFileTime
IsProcessorFeaturePresent
SizeofResource
HeapFree
LoadResource
GetSystemTimeAsFileTime
FindResourceExW
HeapDestroy
SwitchToThread
HeapReAlloc
IsDebuggerPresent
CreateFileW
VirtualAlloc
advapi32
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
oleaut32
VariantInit
SysAllocStringLen
UnRegisterTypeLi
VariantClear
VarBstrCmp
VariantChangeType
SysStringLen
SysStringByteLen
SafeArrayLock
LoadRegTypeLi
VarBstrCat
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayDestroy
RegisterTypeLi
SafeArrayGetUBound
SysAllocString
SafeArrayGetLBound
SysFreeString
SafeArrayGetVartype
VarBstrFromDec
SetErrorInfo
user32
CharNextW
RegisterWindowMessageW
GetDC
CharPrevA
MessageBoxIndirectW
DestroyCursor
GetMessageA
GetScrollPos
LoadImageW
wsprintfA
WaitForInputIdle
wvsprintfW
LoadIconA
LoadMenuA
PostMessageW
EnumWindows
TrackPopupMenuEx
GetMenuItemRect
ole32
IIDFromString
StringFromGUID2
CLSIDFromString
CoCreateInstance
gdi32
GetLayout
shimeng
SE_DllUnloaded
SE_ProcessDying
SE_DynamicShim
SE_InstallBeforeInit
Sections
.text Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 269KB - Virtual size: 400KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 17KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ