ffe0597d861a44d0a0fbe2e51cc26db1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ffe0597d861a44d0a0fbe2e51cc26db1_JaffaCakes118
Size

307KB
MD5

ffe0597d861a44d0a0fbe2e51cc26db1
SHA1

eb076bf9cfe94766a8338bf6b0f70ab1571ad491
SHA256

ec60823b2e63bda34aa88cfe7d7f2535cd1f051ed89810a7ada6f3a35d6e67b0
SHA512

e909d3a30c35c1b3e3ecc085b046e076a7f390b173b54eee06d700e35d4859395aebe9afa839d0a8b224cef5d7c320bbd2b7b642f6cf0e99eb8f26be7c88df97
SSDEEP

6144:ew9++bLjS10iDOEhAOlj/uuJudyHj+VABWviGvQx:/vS6iDPNptyVAmQx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffe0597d861a44d0a0fbe2e51cc26db1_JaffaCakes118

Files

ffe0597d861a44d0a0fbe2e51cc26db1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3e899f66e75e71255e8b5a50d9ac7f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeLibrary
lstrlenW
LeaveCriticalSection
GetProcessHeap
DeleteCriticalSection
CloseHandle
EnterCriticalSection
HeapAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetFileInformationByHandle
LockResource
FindResourceW
RaiseException
GetCurrentThreadId
HeapSize
CompareFileTime
IsProcessorFeaturePresent
SizeofResource
HeapFree
LoadResource
GetSystemTimeAsFileTime
FindResourceExW
HeapDestroy
SwitchToThread
HeapReAlloc
IsDebuggerPresent
CreateFileW
VirtualAlloc

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

oleaut32

VariantInit
SysAllocStringLen
UnRegisterTypeLi
VariantClear
VarBstrCmp
VariantChangeType
SysStringLen
SysStringByteLen
SafeArrayLock
LoadRegTypeLi
VarBstrCat
SysAllocStringByteLen
SafeArrayUnlock
SafeArrayDestroy
RegisterTypeLi
SafeArrayGetUBound
SysAllocString
SafeArrayGetLBound
SysFreeString
SafeArrayGetVartype
VarBstrFromDec
SetErrorInfo

user32

CharNextW
RegisterWindowMessageW
GetDC
CharPrevA
MessageBoxIndirectW
DestroyCursor
GetMessageA
GetScrollPos
LoadImageW
wsprintfA
WaitForInputIdle
wvsprintfW
LoadIconA
LoadMenuA
PostMessageW
EnumWindows
TrackPopupMenuEx
GetMenuItemRect

ole32

IIDFromString
StringFromGUID2
CLSIDFromString
CoCreateInstance

gdi32

GetLayout

shimeng

SE_DllUnloaded
SE_ProcessDying
SE_DynamicShim
SE_InstallBeforeInit

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3e899f66e75e71255e8b5a50d9ac7f3

Headers

File Characteristics

Imports

kernel32

advapi32

oleaut32

user32

ole32

gdi32

shimeng

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 269KB - Virtual size: 400KB

.rdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 17KB - Virtual size: 26KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 269KB - Virtual size: 400KB

.rdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 17KB - Virtual size: 26KB