2c21ae6ba55efb9e32163f244b22f242_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c21ae6ba55efb9e32163f244b22f242_JaffaCakes118
Size

1.1MB
MD5

2c21ae6ba55efb9e32163f244b22f242
SHA1

31c60235ec78e9a7a4c494c89d08f564501f64d4
SHA256

d1728c0ad2aac1cea31f5f881343df15de025a2ce5f705108dc3819958dfa598
SHA512

3068abecc22110dcde295e9fdf36b574add4948619f0b84511608da62924e2eed1f8291ffa7761abad499bbc0b98f40a7d13392ce14f5bce3f259b828987b893
SSDEEP

24576:2EVlCxpSNP41YH2wz/Y4GNw7uCm+/UYc5Sm380S:6xpS2uHc7N4m+/dcT/S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c21ae6ba55efb9e32163f244b22f242_JaffaCakes118

Files

2c21ae6ba55efb9e32163f244b22f242_JaffaCakes118
.exe windows:5 windows x86 arch:x86

809186c9ac9c64e1d15a65b50531097d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
GetStringTypeW
WideCharToMultiByte
GetOEMCP
GetTempPathW
GetModuleHandleW
GetSystemTimeAsFileTime
CloseHandle
WriteFile
WaitForSingleObject
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
VirtualAlloc
GlobalFree
GetProcAddress

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CryptProtectData
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CertFindExtension
CertGetPublicKeyLength
CertGetEnhancedKeyUsage
CertFreeCTLContext
CertAddEncodedCertificateToStore
CertFreeCRLContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CryptDecodeObject
CryptEnumOIDInfo
CryptMsgUpdate
CryptMsgGetParam
CryptBinaryToStringW

msvcrt

_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

shlwapi

StrChrW
StrCmpNW
StrStrIW
StrToIntExW
StrTrimW
StrRetToStrW
StrRetToBufW
PathAddBackslashW
PathAppendW
PathFindFileNameW
PathIsDirectoryW
PathStripToRootW
UrlCanonicalizeW
UrlEscapeW
PathCreateFromUrlW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHGetValueW
AssocCreate
SHAutoComplete

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.su89s
Size: 732KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

809186c9ac9c64e1d15a65b50531097d

Headers

File Characteristics

Imports

kernel32

crypt32

msvcrt

shlwapi

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 6.9MB

.su89s Size: 732KB - Virtual size: 732KB

.rsrc Size: 387KB - Virtual size: 386KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 6.9MB

.su89s
Size: 732KB - Virtual size: 732KB

.rsrc
Size: 387KB - Virtual size: 386KB