2d3398637400275ced6ba05a3415e254_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2d3398637400275ced6ba05a3415e254_JaffaCakes118
Size

1.1MB
MD5

2d3398637400275ced6ba05a3415e254
SHA1

28997198f76e85eaf6369bb25d5eff2a6ff6e26d
SHA256

2f61dd1adb50abc45848ffa4fd4694ff3a71499f466524d17569a321aa73a26b
SHA512

1a90dcfc91a53304841b12331741a136dd4cbf73aefbb1d238388da08c333d91d50b5dfb6302cced2734fb6d26a2259893bfa08a7948c0535d6e1dceaab6a300
SSDEEP

24576:LnNwpNhF3YKEW6en6LaHlig2cfPWCjmIqZ5rtBjFt:LNqNhFIKlPSqdfOiYPB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d3398637400275ced6ba05a3415e254_JaffaCakes118

Files

2d3398637400275ced6ba05a3415e254_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9dd42d44d8970a7253e870854af668cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

LeaveCriticalPolicySection

psapi

GetDeviceDriverBaseNameW
GetModuleBaseNameW

ole32

StringFromCLSID
CLSIDFromString
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

mpr

WNetOpenEnumW
WNetGetConnectionW

kernel32

CreateFileW
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
WriteConsoleW
GetCurrentProcessId
LCMapStringW
GetProcAddress
GlobalLock
VirtualAlloc
HeapAlloc
HeapFree
GetCurrentThreadId
GetLastError
DeleteCriticalSection
ReleaseSemaphore
LoadResource
SetHandleCount
WriteFile
SetEndOfFile
CloseHandle
lstrcmpW
CreateFileMappingW
OutputDebugStringW
FindResourceExW
QueryPerformanceCounter
GetThreadLocale
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
HeapReAlloc
GetStringTypeW
HeapSize
GetConsoleMode

wininet

HttpQueryInfoW
InternetOpenUrlW
InternetConnectW

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kih0s
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9fet
Size: 917KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dd42d44d8970a7253e870854af668cb

Headers

File Characteristics

Imports

userenv

psapi

ole32

advapi32

mpr

kernel32

wininet

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 6.9MB

.kih0s Size: 70KB - Virtual size: 70KB

.9fet Size: 917KB - Virtual size: 917KB

.rsrc Size: 14KB - Virtual size: 16KB

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 6.9MB

.kih0s
Size: 70KB - Virtual size: 70KB

.9fet
Size: 917KB - Virtual size: 917KB

.rsrc
Size: 14KB - Virtual size: 16KB