2c0fd7c288e53ee7dfa6eb8b4374fd4b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c0fd7c288e53ee7dfa6eb8b4374fd4b_JaffaCakes118
Size

348KB
MD5

2c0fd7c288e53ee7dfa6eb8b4374fd4b
SHA1

3632974eef6b98a192d2b2e6faec478e12c8bc62
SHA256

150f0ce76bd1f698b6cff5615978e872c9204565240c5529a78b2c7c4cffb35a
SHA512

454daf39da04ad41e955053748559f867629947062b97cdc1d02cc3ba60a3292519f8698e665dc87b350281a6f6f2fa9cd8ddcc2181ef3a9e64b825f8dac1c75
SSDEEP

6144:PlXQTD+qvszNk01+2ezNBkRgRp0R7rwTQbZpEU4t/9FrUyHhB:PhFqvmk0k2eHkRJR7ETG54t/9Fg8/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c0fd7c288e53ee7dfa6eb8b4374fd4b_JaffaCakes118

Files

2c0fd7c288e53ee7dfa6eb8b4374fd4b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

191b494b1ddef77b5d9de74a40844178

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\190\Guide\Release\send.pdb

Imports

kernel32

GetModuleHandleW
GetProcessHeap
WideCharToMultiByte
CreateEventA
SetConsoleTitleA
GetStdHandle
GetLastError
VirtualAlloc
CreateTimerQueueTimer
GetConsoleScreenBufferInfo
GetExitCodeThread
_lread
GetCurrentThreadId
_lopen
DeleteTimerQueueTimer
CreateThread
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
LoadLibraryA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
_lclose
GetUserDefaultLCID
CloseHandle
HeapSize
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
ExitProcess
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
SetEvent
WaitForSingleObject
HeapAlloc
lstrlenA
CreateTimerQueue
CreateFileA
GetComputerNameA
ReadFile
WriteFile
GetFileSize
GetLocaleInfoA
LocalFree
GetFileTime
FindNextFileW
FindClose
GetCurrentDirectoryW
CreateFileW
CompareFileTime
HeapReAlloc
VirtualFree
HeapCreate
GetStringTypeW
LCMapStringA
FindFirstFileW
GetCommandLineW
LCMapStringW
RtlUnwind
RaiseException
GetCPInfo
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar

user32

CreateWindowExA
UpdateWindow
MoveWindow
GetWindowThreadProcessId
DrawFrameControl
DestroyIcon
LoadCursorA
FindWindowA
GetSystemMenu
ScreenToClient
OpenDesktopA
GetMessageW
SendDlgItemMessageA
GetParent
LoadIconA
wsprintfA
GetClientRect
SetFocus
OpenWindowStationW
GetWindowTextLengthA
SendMessageA
PtInRect
GetIconInfo
GetDC
TranslateMessage
GetAsyncKeyState
GetMenuCheckMarkDimensions
PeekMessageA
GetDlgItem
EndDialog
GetCursorPos
LoadAcceleratorsA
ShowWindow
DrawMenuBar
AppendMenuA
IsWindow
CreateWindowExW
DispatchMessageA
PostThreadMessageW
DefMDIChildProcA
BeginDeferWindowPos
GetSystemMetrics
SetWindowTextA
LoadImageA
CloseWindow

gdi32

GetTextExtentPoint32A
SetTextColor
GetDeviceCaps
SetBkColor
ExcludeClipRect
SetDCPenColor
GetTextAlign
SetTextJustification
SetTextAlign
TextOutA
PatBlt

advapi32

IsTextUnicode
CreateWellKnownSid
GetUserNameA
LsaClose
OpenProcessToken

shell32

ExtractIconExA
CommandLineToArgvW
ShellExecuteA

ole32

CreateStreamOnHGlobal

oleaut32

OleSavePictureFile

crypt32

CryptRegisterOIDFunction
CryptRegisterDefaultOIDFunction

winmm

mmioDescend
mmioClose

shlwapi

PathFindFileNameW

netapi32

NetLocalGroupAddMember
NetUserAdd

winscard

SCardGetProviderIdW

winhttp

WinHttpSendRequest

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

tapi32

phoneGetGain

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

191b494b1ddef77b5d9de74a40844178

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

crypt32

winmm

shlwapi

netapi32

winscard

winhttp

setupapi

tapi32

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 7KB - Virtual size: 527KB

.rsrc Size: 151KB - Virtual size: 151KB

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 7KB - Virtual size: 527KB

.rsrc
Size: 151KB - Virtual size: 151KB