Static task: static1
Behavioral task: behavioral1
Sample: 2bd210cc6991b7f82a1c448a55b7a50d_JaffaCakes118.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: 2bd210cc6991b7f82a1c448a55b7a50d_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 2bd210cc6991b7f82a1c448a55b7a50d_JaffaCakes118
Size: 914KB
MD5: 2bd210cc6991b7f82a1c448a55b7a50d
SHA1: 50badfc0d15a01a132f29956bd9aec1e2ae7b5fe
SHA256: fbe09fea9219eec4efce6c2dc824448581db99a660c829369f37350b4426c277
SHA512: 69cb477d264aea142c59f07fd7fc31ebd6475cd0328695fd7b70d9a9b758fe15ffcad06268dbb2faa9b8307915607846e22699689317924d87a7ce281da027ad
SSDEEP: 24576:NbJ8PXEjUtvaCVVSO15JAuMXxjh540vULhxzeF7btk6:48YF7lAuMBjhNAhxzgk6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bd210cc6991b7f82a1c448a55b7a50d_JaffaCakes118
Files
2bd210cc6991b7f82a1c448a55b7a50d_JaffaCakes118.exe windows:5 windows x86 arch:x86
e41c4b1ff0b24aa95fdfb517416ab1e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapAlloc
HeapFree
HeapSize
GetCurrentThreadId
GetLastError
SetEvent
PulseEvent
GetSystemTimeAsFileTime
CreateMutexW
GetModuleHandleW
MoveFileWithProgressW
CreateJobObjectW
GetCPInfo
MultiByteToWideChar
LCMapStringW
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LocalFree
GlobalSize
GlobalAlloc
EnumLanguageGroupLocalesW
GetProcAddress
LCMapStringA
LoadLibraryA
HeapReAlloc
GetOEMCP
GetACP
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
user32
DrawTextW
ScreenToClient
GetCursor
MessageBeep
EnableScrollBar
GetDCEx
SetActiveWindow
IsCharAlphaW
EndMenu
LoadMenuW
EnableWindow
MsgWaitForMultipleObjects
DrawEdge
comdlg32
ReplaceTextW
FindTextW
GetFileTitleW
ChooseFontW
mpr
WNetGetConnectionW
oleaut32
SysReAllocStringLen
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarNot
VarBstrFromBool
VarBstrFromDate
VarBstrFromCy
VariantChangeType
SafeArrayPutElement
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SysStringLen
SysFreeString
winspool.drv
GetJobW
secur32
GetUserNameExW
Sections
.text Size: 61KB - Virtual size: 61KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.7agt Size: 732KB - Virtual size: 732KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ