e5e83d8209a8e06089d70e65901b7481_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e5e83d8209a8e06089d70e65901b7481_JaffaCakes118
Size

328KB
MD5

e5e83d8209a8e06089d70e65901b7481
SHA1

dba4cc12a51f6ab845673de37756d2b3f31825e6
SHA256

e37b974823a5def88d1b8857cbe4262ed60d59a7ef7b6854e407d6a2dc8cdc68
SHA512

63b61ab3d5d26aaa318ae36a29dfc2107deedd6b340c54abbeec40b9598a5d6ea1743bdd6c320dddcbafcea5820b2620e4b0b9bfc4d5a45a8808c09b148503b2
SSDEEP

6144:EEKwa30luX+sChrlTxO9M4wt8lfJBXfvUmaeyfXMx3/mQ6YroqS8j6M54IaHSJ7+:jK8luX+ssxTI9WkxxvPWUpeG/+bIn70

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e5e83d8209a8e06089d70e65901b7481_JaffaCakes118

Files

e5e83d8209a8e06089d70e65901b7481_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e44883cd149e485d2dba48a1006e0b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

CLSIDFromString
StgConvertPropertyToVariant
ReleaseStgMedium
OleConvertIStorageToOLESTREAMEx

msvcrt

isupper
fputwc
wcstombs
memcpy

shell32

SHInvokePrinterCommandA
SHInvokePrinterCommandW
SHEmptyRecycleBinW
ShellAboutA

setupapi

SetupCommitFileQueueW

user32

GetClassNameA
GetShellWindow

comdlg32

GetFileTitleA
PrintDlgW
GetOpenFileNameA

imm32

ImmIsUIMessageW
ImmReleaseContext

pdh

PdhGetCounterInfoA

ntdsapi

DsReplicaSyncA
DsAddSidHistoryA
DsFreeDomainControllerInfoA

urlmon

URLOpenBlockingStreamA
RegisterFormatEnumerator

kernel32

VirtualProtect
GetModuleHandleA
GetQueuedCompletionStatus
CreateProcessW
SetHandleCount
OpenWaitableTimerA
EnumResourceNamesW
AddVectoredExceptionHandler
FindResourceA
IsBadCodePtr
VirtualQuery
ExitProcess
EnumCalendarInfoExW
ReadConsoleOutputA
CreateWaitableTimerA
lstrcatA
lstrcpyW
FormatMessageA
GetBinaryTypeW
SetCalendarInfoA
CreateEventW
FreeConsole
LocalFlags
IsBadReadPtr

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e44883cd149e485d2dba48a1006e0b6

Headers

File Characteristics

Imports

ole32

msvcrt

shell32

setupapi

user32

comdlg32

imm32

pdh

ntdsapi

urlmon

kernel32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 8KB - Virtual size: 275KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 8KB - Virtual size: 275KB

.rsrc
Size: 4KB - Virtual size: 1KB