eff34559fc62436ffe6d2c03a0c05e86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eff34559fc62436ffe6d2c03a0c05e86_JaffaCakes118
Size

40KB
MD5

eff34559fc62436ffe6d2c03a0c05e86
SHA1

4090a3b3cd8455db3d5325076a1e22834f21a355
SHA256

3b20547e620b3a39f068dfd2140f240a41f11fb21fd1e6b5fea495e23ddecb54
SHA512

cbc3fc972aeef67e5a9f55ed8c5b79fdc91475abf0adfe230986174437c64853f143126cbf193f498cd2e39b8b50498a4f9014ecc31d4fb283cb0a88af7235ad
SSDEEP

768:4/axnNIIZBogSiadfkqw/Cf03YDpDeup2AOplWqTT7:Rxld1auqw/CfWYDIupNs/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eff34559fc62436ffe6d2c03a0c05e86_JaffaCakes118

Files

eff34559fc62436ffe6d2c03a0c05e86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f407c09da6e324f00a82c02a90b2dbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
OpenMutexA
GetCommandLineW
GetAtomNameW
GetCurrentThreadId
GetHandleInformation
SetCalendarInfoA
DosDateTimeToFileTime
CopyFileExW
GetModuleHandleW
SetCalendarInfoW
EnumDateFormatsA
SetLocaleInfoA
GetFileSize
SetUnhandledExceptionFilter
GlobalDeleteAtom
OpenProcess
GetDiskFreeSpaceW
OpenWaitableTimerA
CompareStringW
GetUserDefaultLCID
GetOEMCP
GetVolumeInformationW
WinExec
GetUserDefaultLangID
GetLogicalDriveStringsW
GetWindowsDirectoryA
ReplaceFileW
GetThreadPriority
GetStringTypeA
ExpandEnvironmentStringsW
Beep
GetStringTypeW
LoadResource
SetThreadPriority
GetProcAddress
GetFullPathNameW
GetModuleHandleA
ConnectNamedPipe
MulDiv
IsValidCodePage
CreateDirectoryW
CreateFileA
GetDateFormatW
lstrcmpW
GetExpandedNameW
GetCommandLineA

user32

SendDlgItemMessageW
GetAsyncKeyState
DestroyWindow
GetDC
EnumWindows
GetDC
SetCursor
SetDlgItemTextA
AppendMenuA
CharNextW
SetTimer
IsWindow

gdi32

GetTextExtentPointA
ColorCorrectPalette
RectVisible
ResetDCW
EnumFontsW
GetCharWidth32A
GetOutlineTextMetricsW
FixBrushOrgEx
SetPixelFormat
CreateDIBPatternBrushPt
EnumICMProfilesA

advapi32

RegOpenKeyW
RegFlushKey
RegCreateKeyW
RegEnumValueA
RegRestoreKeyW
RegOpenKeyA
RegDeleteValueA

shell32

StrStrA
StrRChrIW
ExtractIconExW
SHGetFolderPathW

ole32

CoFileTimeNow
CoGetDefaultContext
CoGetInstanceFromFile

setupapi

SetupLogFileA

wininet

InternetGetConnectedStateExA
InternetCreateUrlW
GetUrlCacheConfigInfoA
UnlockUrlCacheEntryFile
InternetShowSecurityInfoByURL
ReadUrlCacheEntryStream
InternetOpenW
InternetFindNextFileA
IsUrlCacheEntryExpiredA
FtpDeleteFileA
InternetAttemptConnect
DetectAutoProxyUrl
FindNextUrlCacheContainerW
ForceNexusLookupExW
GopherGetAttributeW
FreeUrlCacheSpaceA
InternetWriteFileExW
InternetShowSecurityInfoByURLW

sqlunirl

_SetWindowText@8

crypt32

CertAddCTLLinkToStore
CertGetCertificateChain
CryptCloseAsyncHandle
CertOpenSystemStoreA
I_CryptInstallOssGlobal
CryptVerifyDetachedMessageSignature
CertVerifyCertificateChainPolicy
CryptMemRealloc
CryptSIPRetrieveSubjectGuidForCatalogFile

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TZeQV
Size: 1KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Bnl
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BAs
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rMBF
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xr
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JB
Size: 1024B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bw
Size: 1024B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f407c09da6e324f00a82c02a90b2dbf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

setupapi

wininet

sqlunirl

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.TZeQV Size: 1KB - Virtual size: 48KB

.Bnl Size: 2KB - Virtual size: 26KB

.BAs Size: 3KB - Virtual size: 4KB

.rMBF Size: 1KB - Virtual size: 27KB

.W Size: 2KB - Virtual size: 37KB

.xr Size: 2KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.JB Size: 1024B - Virtual size: 31KB

.bw Size: 1024B - Virtual size: 204KB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.TZeQV
Size: 1KB - Virtual size: 48KB

.Bnl
Size: 2KB - Virtual size: 26KB

.BAs
Size: 3KB - Virtual size: 4KB

.rMBF
Size: 1KB - Virtual size: 27KB

.W
Size: 2KB - Virtual size: 37KB

.xr
Size: 2KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.JB
Size: 1024B - Virtual size: 31KB

.bw
Size: 1024B - Virtual size: 204KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 1KB - Virtual size: 1KB