Static task: static1
Behavioral task: behavioral1
Sample: efdea97b24017e64ca1a44da63f26a67_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: efdea97b24017e64ca1a44da63f26a67_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: efdea97b24017e64ca1a44da63f26a67_JaffaCakes118
Size: 302KB
MD5: efdea97b24017e64ca1a44da63f26a67
SHA1: d0cfdc5f5d2d27a43ac5d293b587583158e73182
SHA256: 15588579a2b67f1ed770c9722e50aae4454e3789dcf39e9518ba45668c0c2288
SHA512: 2e3d655fda4a6c38d0e8b4c183e0f9e5b80af9e9f46e4e8ddc368c6170a53719a0d5beb9608a603b02a852a071b9b5ff9bf84926f375cc45139bdb14e3137229
SSDEEP: 6144:ua9NFt1kJ3Bod/sc84LRabzGoFsYuc+6H3Gu1VPzphKJIJhrxLbnXKKV:ua9Hi3Bod/sc8yafXFsf2XXzvfNbn6K
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource efdea97b24017e64ca1a44da63f26a67_JaffaCakes118
Files
efdea97b24017e64ca1a44da63f26a67_JaffaCakes118.exe windows:4 windows x86 arch:x86
866c2202c21d4eb2ceb64eb46b3bcae8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
CharNextW
GetDC
DestroyIcon
CharUpperW
PeekMessageW
MessageBeep
GetMessageW
GetMenuItemInfoA
OffsetRect
CharPrevA
LoadMenuA
SetCapture
LoadBitmapA
CreateAcceleratorTableA
CharUpperA
ole32
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
CoTaskMemFree
StringFromCLSID
CoCreateInstance
kernel32
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
LoadResource
RaiseException
LeaveCriticalSection
IsProcessorFeaturePresent
GlobalUnlock
GetProcessHeap
EnterCriticalSection
GetSystemTimeAsFileTime
GlobalAlloc
lstrlenW
GlobalSize
HeapFree
FindResourceExW
GlobalFree
FindResourceW
GetCurrentDirectoryW
HeapDestroy
IsDBCSLeadByteEx
SwitchToThread
GetFullPathNameW
LockResource
GlobalReAlloc
CreateFileW
UnhandledExceptionFilter
FreeLibrary
IsDebuggerPresent
OutputDebugStringW
GlobalLock
SetThreadLocale
GetTempFileNameW
GetModuleHandleW
HeapReAlloc
CloseHandle
CopyFileW
DeleteFileW
SizeofResource
HeapAlloc
GetThreadLocale
HeapSize
GetCurrentThreadId
GetFileSize
DeleteCriticalSection
ReadFile
GetStartupInfoA
VirtualAlloc
oleaut32
VariantInit
SafeArrayDestroy
SysFreeString
SafeArrayLock
RegisterTypeLi
SysStringByteLen
SafeArrayGetVartype
SafeArrayGetLBound
SysStringLen
LoadRegTypeLi
SysAllocStringLen
UnRegisterTypeLi
VarBstrCat
VarBstrCmp
LoadTypeLi
GetErrorInfo
SafeArrayGetUBound
SafeArrayUnlock
VariantClear
SysAllocStringByteLen
SysAllocString
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
shlwapi
PathFindFileNameW
PathRenameExtensionW
PathCombineW
PathFindExtensionW
PathCanonicalizeW
PathRemoveFileSpecW
PathIsURLW
PathRemoveExtensionW
PathStripToRootW
PathIsRelativeW
PathFileExistsW
gdi32
GetClipBox
cmutil
CmEndOfStrW
CmStrStrW
GetOSBuildNumber
CmStrTrimW
CmAtolA
CmWinHelp
Sections
.text Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 261KB - Virtual size: 464KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ