Static task
static1
Behavioral task
behavioral1
Sample
f2aa272c6174c59bd0c7171bff6eec20_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f2aa272c6174c59bd0c7171bff6eec20_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: f2aa272c6174c59bd0c7171bff6eec20_JaffaCakes118
Size: 307KB
MD5: f2aa272c6174c59bd0c7171bff6eec20
SHA1: 84b98de9992181f592c1008a14264c0b6cbca1c1
SHA256: ef3b53c5d6d9be4bd0a66c645107dafb02fee028c11928a5934c763432b61120
SHA512: bdb9422cda5fd57423980493c71d70861d87079c2e4b30b9d55aaa8d22466632dabe3c5bc2434fe8838b3d219d468e0c6dea4cc42d2ab2dcba56efbdf8c75e78
SSDEEP: 6144:PMdbHniiav4BnRcXjdQ7ZHHgYjKAB0HBC2pZr:sHikdRojdQ7REvCMZr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f2aa272c6174c59bd0c7171bff6eec20_JaffaCakes118
Files
f2aa272c6174c59bd0c7171bff6eec20_JaffaCakes118.exe windows:5 windows x86 arch:x86
40ccda4501a153e0331761c1e960f0d8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
oleaut32
SafeArrayLock
SafeArrayCreate
RegisterTypeLi
SafeArrayGetVartype
SysStringByteLen
VariantInit
LoadTypeLi
SysAllocString
GetErrorInfo
UnRegisterTypeLi
DispCallFunc
SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
SafeArrayRedim
SafeArrayUnlock
VarUI4FromStr
SafeArrayDestroy
SysStringLen
VariantCopyInd
SysFreeString
VariantCopy
SafeArrayGetLBound
VariantClear
SafeArrayGetUBound
SafeArrayCopy
kernel32
LoadLibraryExA
SetFileAttributesA
RaiseException
WaitForSingleObject
CreateMutexA
lstrcmpA
SetPriorityClass
CreateProcessA
GetACP
RemoveDirectoryA
CreateEventA
HeapFree
SizeofResource
SetProcessWorkingSetSize
CreateFileA
GetCurrentThreadId
OpenMutexA
WideCharToMultiByte
GetThreadLocale
HeapDestroy
LocalFree
ReleaseMutex
GetCommandLineA
FormatMessageA
FindClose
FindFirstFileA
CopyFileA
lstrcpyA
lstrlenW
CreateDirectoryA
lstrcpynA
FindNextFileA
GetModuleHandleA
HeapReAlloc
FindResourceA
LocalAlloc
GetSystemTimeAsFileTime
lstrcatA
HeapAlloc
lstrlenA
LoadResource
EnterCriticalSection
ResetEvent
FreeLibrary
OpenProcess
LockResource
IsDBCSLeadByte
FindResourceExA
lstrcmpiA
OpenEventA
CloseHandle
GetPriorityClass
CreateThread
OutputDebugStringA
GetUserDefaultLangID
GetProcessHeap
LeaveCriticalSection
DeleteFileA
WaitForMultipleObjects
GetTempPathA
DeleteCriticalSection
HeapSize
GetVersion
VirtualAllocEx
user32
LoadCursorA
CreateWindowExA
CharNextA
GetMessageA
RegisterClassA
PeekMessageA
RegisterWindowMessageA
PostThreadMessageA
MessageBoxA
DefWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
TranslateMessage
PostQuitMessage
LoadStringA
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
ole32
CoRevokeClassObject
CoTaskMemFree
CoTaskMemAlloc
CoMarshalInterThreadInterfaceInStream
CoInitializeSecurity
CoUninitialize
CoGetInterfaceAndReleaseStream
CoTaskMemRealloc
CoCreateInstance
OleRun
CoInitializeEx
CoRegisterClassObject
CLSIDFromString
CoInitialize
CLSIDFromProgID
StringFromGUID2
shlwapi
PathFileExistsA
PathFindExtensionA
comctl32
ImageList_LoadImageA
ImageList_SetBkColor
CreateToolbarEx
CreateStatusWindowW
ImageList_DragMove
CreateUpDownControl
UninitializeFlatSB
umdmxfrm
GetXformInfo
Sections
.text Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 281KB - Virtual size: 997KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ