2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118
Size

371KB
MD5

2e1c9df86798281f7bd72a4ec576c89a
SHA1

63ed5d5ebc6cfeabc4159cd151494101708dd154
SHA256

83e8b72b3f30b2f74ddc49f2e7e510a1b6e2df2d25f2b12b359094858a4562e8
SHA512

46f30ab59a5e079975beb7199d68b9f283a052f28ebb9bd0b1c03961437c0bfdf6050f157faa252968875e234080535f7261b96f7c8b0d622d1b58ea1ab754ca
SSDEEP

6144:QgS/jqoVV6VCxkY4THjzgcwzI3eJv/2dg/c1NfR4aAfmKjjjjjjjjjjjj72+ai/:Qz/jhVV6VekY4DYz6svOWk1NfirfjjjP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118

Files

2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1a968765654311b5aebf8ea03afe7a86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\unexpected\Incoming\madness\Act.pdb

Imports

kernel32

LCMapStringW
WriteConsoleW
HeapSize
SetStdHandle
SetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
FlushFileBuffers
HeapReAlloc
LoadLibraryW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
WideCharToMultiByte
InterlockedDecrement
Sleep
InterlockedIncrement
TlsFree
GetStringTypeW
FileTimeToSystemTime
TlsAlloc
RtlUnwind
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetModuleFileNameW
WriteFile
ExitProcess
GetModuleHandleW
HeapCreate
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
lstrcpyA
CloseHandle
GetCurrentThreadId
GetModuleHandleA
LocalAlloc
GetLocalTime
GetProcAddress
lstrcmpiA
GetLastError
GetStdHandle
lstrcatA
TzSpecificLocalTimeToSystemTime
GetSystemTimeAsFileTime
GetProcessHeap
EncodePointer
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
RaiseException
GetStartupInfoW
HeapSetInformation
CreateFileW
GetCommandLineA
LeaveCriticalSection
EnterCriticalSection
HeapFree
CompareFileTime
TlsSetValue
GetTimeZoneInformation
SystemTimeToFileTime
HeapAlloc
TlsGetValue
GetSystemTimeAdjustment
SetLastError
lstrlenA

user32

MessageBoxW
DeferWindowPos
DispatchMessageA
BeginDeferWindowPos
IsWindow
AppendMenuA
DrawMenuBar
SetWindowTextA
SetMenu
UpdateWindow
PostMessageA
LoadCursorA
ShowWindow
LoadAcceleratorsA
GetCursorPos
GetSysColor
DefWindowProcA
GetDlgItem
TranslateAcceleratorA
EnableMenuItem
ReleaseDC
EndDeferWindowPos
CheckMenuItem
RegisterClassA
GetWindow
CreateWindowExA
InvalidateRect
EnumThreadWindows
MoveWindow
CreatePopupMenu
DestroyWindow
GetMessageA
SetTimer
MapDialogRect
InsertMenuItemA
RegisterClassExA
PostQuitMessage
DrawTextW
GetFocus
GetParent
LoadIconA
wsprintfA
GetClientRect
CreateMenu
SendMessageA
BeginPaint
GetDC
TranslateMessage
OffsetRect
MessageBoxA

gdi32

CreateCompatibleDC
MoveToEx
LineTo
SetTextColor
SetBkColor
SetBkMode
DeleteObject
SelectObject
PolyDraw
CreateCompatibleBitmap
SaveDC
PolyBezierTo
CreatePen
GetClipBox
PolyBezier
GetStockObject
CreateSolidBrush

advapi32

GetUserNameW

shell32

SHEmptyRecycleBinA
SHQueryRecycleBinA

ole32

CoInitialize
CoCreateInstance

netapi32

NetShareDelSticky
NetShareCheck

psapi

GetModuleFileNameExA

avifil32

CreateEditableStream

winmm

waveOutPrepareHeader
waveOutWrite
waveOutClose
waveOutOpen

cryptui

CryptUIWizImport

iphlpapi

GetInterfaceInfo

shlwapi

PathAppendA
PathFindFileNameA
PathCompactPathA

comctl32

ord17

gdiplus

GdipDisposeImage
GdipDeleteGraphics
GdipCreateBitmapFromGraphics
GdipDeletePen
GdipCreateFromHDC
GdipCreatePen1
GdipGetImageGraphicsContext
GdipDrawLine

setupapi

SetupDiDeleteDeviceInterfaceRegKey
SetupDiInstallDevice

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesA

windowscodecs

WICMapGuidToShortName

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a968765654311b5aebf8ea03afe7a86

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

netapi32

psapi

avifil32

winmm

cryptui

iphlpapi

shlwapi

comctl32

gdiplus

setupapi

wtsapi32

windowscodecs

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 254KB - Virtual size: 254KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 254KB - Virtual size: 254KB