e309aa7d1c52cac3b0f03e281d342e16_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e309aa7d1c52cac3b0f03e281d342e16_JaffaCakes118
Size

197KB
MD5

e309aa7d1c52cac3b0f03e281d342e16
SHA1

ae666497af97f1c48a814d9e694273c8872e81d5
SHA256

baadc9af4d7dbec9d98bd1de225346bfc879515f67e987d48501c4da59f6d0b0
SHA512

15270bd749ff69e1bbaed52cf0c871d05090797a1c29df44440ee267dfcdc8f5bfc1b8f9921146ba42a863634445a3ff462d4dc3c43d88ffd92822c8a053eb75
SSDEEP

6144:ZhGOF3Gh261K8G+mmWgGajCAB/rZmID2pNw:ZhGig1G0GajCAB/IDpNw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e309aa7d1c52cac3b0f03e281d342e16_JaffaCakes118

Files

e309aa7d1c52cac3b0f03e281d342e16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4871c6225a710aeda9451ed5e8336f45

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetTapeParameters
GetCurrentProcessId
ClearCommError
Sleep
GetWindowsDirectoryA
GetLocalTime
FindClose
EnumResourceNamesA
ExitProcess
GetVersion
InterlockedExchange
FindFirstFileA

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

LoadCursorA
FillRect
ReleaseCapture
GetDlgItem
SetWindowLongA
IsWindow
GetWindowLongA
GetWindowInfo
SetCursor
SetWindowPos
MoveWindow
ReleaseDC
GetDC
GetSysColor
SetCapture

advapi32

RegOpenKeyExA
RegOpenKeyA
RegCloseKey
RegEnumKeyExA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

winmm

mciSendCommandA
sndPlaySoundA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

gdi32

Rectangle
SelectObject
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateCompatibleDC
GetObjectA
BitBlt
GetDeviceCaps
CreateFontIndirectA
DeleteMetaFile
CreateSolidBrush
SaveDC
TextOutA
GetTextExtentPoint32A
EnumFontFamiliesExA
CreateRectRgn
RestoreDC
GetStockObject
CreateCompatibleBitmap

ole32

ProgIDFromCLSID
CoTaskMemFree
StringFromCLSID

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4871c6225a710aeda9451ed5e8336f45

Headers

File Characteristics

Imports

kernel32

shell32

oleacc

user32

advapi32

winmm

version

gdi32

ole32

Sections

.text Size: 161KB - Virtual size: 161KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 32KB - Virtual size: 31KB

.lib Size: 512B - Virtual size: 104KB

.text
Size: 161KB - Virtual size: 161KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 32KB - Virtual size: 31KB

.lib
Size: 512B - Virtual size: 104KB