ead8170f23491d5f250062b93ba72155_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ead8170f23491d5f250062b93ba72155_JaffaCakes118
Size

561KB
MD5

ead8170f23491d5f250062b93ba72155
SHA1

9557ffdc591034404c734ff8765e608d3496f9ba
SHA256

02d953400eb044c4f88ba9f856087f2f074c6f85ec1fb44a56518482fe31e459
SHA512

bcc32f625a08c24c47f982446545ad31d537a785c0cdcb4c16166e324c13bb3c2556469d557a459be5e6b83e84da33b0109e94bb07b4863af345061edefb9098
SSDEEP

12288:wK5fe9NNtUrSH2Ak38gvxZXSHLAZSnyNe9QtvLv6P:wK5QNNtUr4khvxZuLcSnke9iS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ead8170f23491d5f250062b93ba72155_JaffaCakes118

Files

ead8170f23491d5f250062b93ba72155_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1387a71a044cb76cf98a8318dd8a05bc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ReportEventA
RegQueryValueW
RegQueryInfoKeyA
RegEnumValueA
CryptSetProviderW
DuplicateTokenEx
InitializeSecurityDescriptor
RegSaveKeyW
CryptGenKey
RegQueryValueExA
GetUserNameW
CryptSetKeyParam
CryptEncrypt
CryptGetDefaultProviderW

kernel32

HeapAlloc
GetCurrentProcess
HeapReAlloc
GetEnvironmentStringsW
MultiByteToWideChar
RtlFillMemory
WriteFile
DeleteCriticalSection
GetModuleHandleA
LoadLibraryA
CompareStringA
TlsFree
HeapSize
IsValidLocale
VirtualQuery
GetFileType
GetModuleFileNameA
GetStringTypeW
HeapDestroy
HeapCreate
RtlUnwind
GetCurrentThread
EnumSystemLocalesA
SetLastError
HeapFree
GetSystemTimeAsFileTime
OpenMutexA
CloseHandle
GetPrivateProfileSectionNamesA
ReadConsoleOutputA
GetACP
GetPrivateProfileStringA
CreateMutexA
FlushConsoleInputBuffer
CreateNamedPipeA
ReadConsoleOutputCharacterA
VirtualAlloc
GetEnvironmentVariableW
GetUserDefaultLCID
UnhandledExceptionFilter
WriteConsoleOutputCharacterA
GetStdHandle
lstrcatW
GetLastError
VirtualFree
SetStdHandle
EnterCriticalSection
GetLocaleInfoW
LeaveCriticalSection
IsValidCodePage
GetStringTypeA
LCMapStringW
GlobalFix
TlsGetValue
TerminateProcess
TlsAlloc
GetStartupInfoW
InitializeCriticalSection
QueryPerformanceCounter
GetLocaleInfoA
GlobalReAlloc
GetCommandLineW
LCMapStringA
GetCPInfo
CompareStringW
GetTimeFormatA
ReadFile
GetDateFormatA
FreeEnvironmentStringsA
VirtualProtect
FreeEnvironmentStringsW
GetEnvironmentStrings
GetModuleFileNameW
IsDebuggerPresent
IsBadWritePtr
WideCharToMultiByte
GetVersionExA
SetVolumeLabelW
GetCommandLineA
GetTimeZoneInformation
ExitProcess
InterlockedExchange
GetThreadPriority
GetCurrentProcessId
TlsSetValue
SetHandleCount
GetOEMCP
GetTickCount
GetCurrentThreadId
GetStartupInfoA
GetSystemInfo
SetFilePointer
GetProcAddress
SetEnvironmentVariableA
FlushFileBuffers

comctl32

InitCommonControlsEx

user32

MonitorFromRect
EnumDesktopsW
OemToCharA
AppendMenuA
UnregisterHotKey
RegisterClassA
BringWindowToTop
SetWindowsHookW
SetWindowPlacement
RegisterClassExA
GetWindowInfo
DeleteMenu
UnhookWindowsHookEx
ValidateRect
SetMenuItemBitmaps
GetUpdateRgn
GetClassLongW
LoadImageW
CreateWindowExW
GetMenuItemInfoA
DialogBoxParamW
GetWindowLongA
RegisterClassExW
DdeQueryConvInfo
RealGetWindowClass

wininet

InternetTimeToSystemTimeA
GetUrlCacheEntryInfoExA
InternetOpenA
CreateUrlCacheContainerW
CreateUrlCacheEntryW
InternetReadFileExA
FtpPutFileW
InternetAttemptConnect

shell32

FindExecutableW
SHInvokePrinterCommandW
SHEmptyRecycleBinW
SHQueryRecycleBinA
SHGetSpecialFolderPathW

gdi32

GetCharABCWidthsFloatA
GetArcDirection
Pie
GetSystemPaletteUse
CreateScalableFontResourceW
GetStretchBltMode
GetPaletteEntries
GetKerningPairsA
PolyPolyline
CreateEllipticRgn
TextOutW
CreateBitmap
GetCharacterPlacementW
SetMapMode
CreateDCA
PolyDraw
GetEnhMetaFileDescriptionW
PathToRegion
LineDDA
GetGlyphOutline

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1387a71a044cb76cf98a8318dd8a05bc

Headers

File Characteristics

Imports

advapi32

kernel32

comctl32

user32

wininet

shell32

gdi32

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 9KB - Virtual size: 36KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 9KB - Virtual size: 36KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 9KB - Virtual size: 9KB