2cbaf8b1add09ec4c44019d326725ede_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2cbaf8b1add09ec4c44019d326725ede_JaffaCakes118
Size

953KB
MD5

2cbaf8b1add09ec4c44019d326725ede
SHA1

a03952184bd9be18c6cd5e01654f29edd392c8b3
SHA256

e1f546e987f70d994a64b07032ff0af9ff5741cd665516e62469b1731006caa2
SHA512

68ed50315cccef959816b81d07c01ef822f548e2ab89613afba29f9824692eb60bb0f49bb7493eb797ae435caf67815751d52a3dc325fad69d54c27a255ba6c2
SSDEEP

24576:brlERxhDE9kJoTKFZHIdpaPuaENDwzNXOHhgzzwpCPl36:brlWxhFoT6JPuDDwX3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cbaf8b1add09ec4c44019d326725ede_JaffaCakes118

Files

2cbaf8b1add09ec4c44019d326725ede_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d3a9d54b22c6e650ee68afc882a864ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromProgID
StringFromCLSID
CoGetMalloc

user32

GetIconInfo
LoadIconW
GetClassNameW
ClientToScreen
GetWindowTextLengthW
RemovePropW
BeginPaint
GetDCEx
DrawIcon
SetMenuDefaultItem
DestroyMenu
CharUpperW
RegisterClipboardFormatW
CheckDlgButton
SetDlgItemTextW
GetWindowPlacement
SetWindowPos
RegisterClassExW
DefWindowProcW
SendMessageW
DispatchMessageW
GetMessageW
DrawEdge

kernel32

GetStringTypeW
HeapReAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
GetProcAddress
GetVersion
VirtualAlloc
HeapAlloc
HeapFree
HeapSize
GetCurrentProcessId
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEndOfFile
GetSystemTimeAsFileTime
CreateEventW
GetModuleHandleW
FindNextFileW
WideCharToMultiByte
IsValidCodePage
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
FlushFileBuffers
CreateFileW
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
ReadFile
WriteFile
GetModuleFileNameW
GetStartupInfoW
GetFileType
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
GetStdHandle

shlwapi

SHGetValueW
SHDeleteValueW
UrlEscapeW
UrlIsW
PathRemoveFileSpecW
PathRemoveExtensionW
PathRemoveBlanksW
PathIsUNCServerW
PathIsNetworkPathW
PathIsRootW
PathFindNextComponentW
PathBuildRootW
PathAddBackslashW
SHStrDupW
StrToIntExW
StrToIntW

crypt32

CryptHashCertificate
CertVerifyCertificateChainPolicy
CertGetNameStringW
CertNameToStrW
CryptHashPublicKeyInfo
CryptExportPKCS8
CryptExportPublicKeyInfo
CertGetCertificateContextProperty
CryptMsgUpdate
CryptEnumOIDInfo
CryptFindOIDInfo
CryptDecodeObject
CryptDecodeObjectEx
CryptEncodeObject

psapi

GetMappedFileNameW
GetModuleFileNameExW
GetModuleBaseNameW

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hwe5a
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.824a9
Size: 757KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3a9d54b22c6e650ee68afc882a864ab

Headers

File Characteristics

Imports

ole32

user32

kernel32

shlwapi

crypt32

psapi

Sections

.text Size: 69KB - Virtual size: 68KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 6.6MB

.hwe5a Size: 102KB - Virtual size: 101KB

.824a9 Size: 757KB - Virtual size: 759KB

.text
Size: 69KB - Virtual size: 68KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 6.6MB

.hwe5a
Size: 102KB - Virtual size: 101KB

.824a9
Size: 757KB - Virtual size: 759KB