ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118
Size

2.3MB
MD5

ffbc94a88f6dfaa56a9ccfba40a95d2d
SHA1

56f4c2c515f765c020795d4f08d589449b30ca7b
SHA256

f4e51f1737ab1013f9f45465b7c68d74096b6bb2b7e03fc5506321d987fd5144
SHA512

2ef4db6d35f25b4ace8c8ce44f2ea2653b0b8ae40ae02bb1a5316e4dac1d07dce1b02669df85cb90f0ef24f57d94de42077cc64849e3f582a2a6e998d39d6a1d
SSDEEP

49152:l0g7mM+M6RkMkIM7I067SlYvoGxUSJpXDwZqhaK6zbfqdl:EM+M6RkMkIM7zsRXEx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118

Files

ffbc94a88f6dfaa56a9ccfba40a95d2d_JaffaCakes118
.exe windows:6 windows x64 arch:x64

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

iexplore.pdb

Imports

advapi32

GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

kernel32

DeleteCriticalSection
ReleaseMutex
CloseHandle
GetWindowsDirectoryW
LocalFree
ExpandEnvironmentStringsW
LoadLibraryW
Sleep
GetLastError
GetSystemDefaultLCID
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultUILanguage
CreateFileMappingW
GetFileTime
HeapSetInformation
IsWow64Process
LocalAlloc
GetProcAddress
SetLastError
VerifyVersionInfoW
lstrlenW
CreateFileW
GetModuleFileNameW
TerminateProcess
GetVersionExW
GetLocaleInfoW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeCriticalSection
RaiseException
LoadLibraryA
GetModuleHandleW
GetCurrentProcess
VerSetConditionMask
SetDllDirectoryW
CreateProcessW
SetErrorMode
GetCommandLineW
GetCurrentDirectoryW

user32

CharNextW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindowVisible
MessageBoxW
FindWindowExW
SendMessageTimeoutW
LoadStringW
IsWindowEnabled

msvcrt

??3@YAXPEAX@Z
_wcsicmp
_wcsnicmp
bsearch
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
memmove
memset
memcpy
??2@YAPEAX_K@Z
_vsnwprintf
iswspace
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shlwapi

SHSetValueW
SHRegGetValueW
PathQuoteSpacesW
PathCombineW
UrlCreateFromPathW
UrlApplySchemeW
SHEnumValueW
StrStrW
PathFindFileNameW
ord158
PathAppendW
SHStrDupW
SHQueryValueExW
PathAddBackslashW
SHGetValueW
PathRemoveFileSpecW
ord154
ord437
UrlCanonicalizeW
ord462
PathIsURLW
ord219
ord172

shell32

ord17
ord16
ord147
SHCreateShellItem
ord152
SHGetDesktopFolder
CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx

iertutil

ord650
ord163
ord74
ord85
ord81
ord79
ord58
ord46
ord42
ord32
ord44
ord325
ord9
ord31

urlmon

ord410
ord104
ord111

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b84b899b6f300d0016ed11889c0ae02

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

shlwapi

shell32

ole32

iertutil

urlmon

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 604KB - Virtual size: 604KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 604KB - Virtual size: 604KB

.reloc
Size: 2KB - Virtual size: 1KB