26350e1fc070753d41110232c06c218d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26350e1fc070753d41110232c06c218d_JaffaCakes118
Size

250KB
MD5

26350e1fc070753d41110232c06c218d
SHA1

544d09186ddfec54a764d6f8c112ccce6f8545db
SHA256

9b4a43bd03be444e13473b97f92cd5a63ae6e95a282c2708a67ab48e39047cf4
SHA512

2e8154300be0a35d2f8f8b33624250b24985b1ee9c05ff335f6a5fc91c9d601893fd82feb5233c58dec6c68f6724f04ec13463f3d265052139ec4fce27201123
SSDEEP

6144:cFT4LOslyJZRVNDV8I/JEJ6JtOQdKLDgSz9FBfD:cF0Hy/RVNp6JitldKLDgA9TD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26350e1fc070753d41110232c06c218d_JaffaCakes118

Files

26350e1fc070753d41110232c06c218d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

654c3b4722bf366c6228ef16795e5696

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\flames\Kozol\DataSource\encrypt.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
LoadLibraryA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
EnterCriticalSection
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
FlushFileBuffers
GlobalReAlloc
CloseHandle
EnumDateFormatsA
GetModuleHandleA
GetEnvironmentStrings
LocalAlloc
CreateNamedPipeA
GetProcAddress
GetLastError
ReadFile
OpenProcess
GetProcessHeap
GetCurrentThread
ConnectNamedPipe
HeapFree
HeapAlloc
GetFileSize
CreateFileA
FreeEnvironmentStringsA
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
MultiByteToWideChar
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind

user32

GetDlgCtrlID
SetScrollInfo
MapWindowPoints
SetWindowTextA
GetScrollPos
ModifyMenuA
CopyRect
RegisterClassA
CallWindowProcA
IsWindow
GetMenuItemCount
EndPaint
DestroyWindow
ScreenToClient
GetWindowRect
PostQuitMessage
FillRect
GetMenuItemID
DrawIconEx
GetParent
LoadIconA
SetParent
GetClientRect
SendMessageA
BeginPaint
SetScrollRange
GetIconInfo
GetDC
DrawFocusRect
InflateRect
GetForegroundWindow
GetMenu
GetWindowPlacement
GetCursorInfo
CopyIcon
SetRect
SetWindowLongA
MessageBoxA
InvalidateRect
SetScrollPos
ReleaseDC
GetDlgItem
DefWindowProcA
GetSysColor
EnableScrollBar

gdi32

DeleteDC
CreateDIBSection
CreateFontIndirectA
ExcludeClipRect
SetBkMode
DeleteObject
SelectObject
SelectClipRgn
CreateCompatibleDC
GetKerningPairsA
GetTextMetricsA
ExtTextOutA
CreateSolidBrush
TextOutA
SetTextColor

comdlg32

PageSetupDlgA

advapi32

CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptCreateHash
ImpersonateNamedPipeClient
CryptEncrypt
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
CryptDeriveKey
OpenThreadToken

ole32

StgOpenStorage

psapi

EnumProcesses
GetWsChanges
InitializeProcessForWsWatch
QueryWorkingSet

gdiplus

GdipGetImageGraphicsContext
GdipFree
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromScan0

uxtheme

CloseThemeData
DrawThemeBackground

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

654c3b4722bf366c6228ef16795e5696

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

ole32

psapi

gdiplus

uxtheme

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 20KB - Virtual size: 27KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 20KB - Virtual size: 27KB

.rsrc
Size: 13KB - Virtual size: 13KB