2e7066406b7628cea4ad20998172e3d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e7066406b7628cea4ad20998172e3d1_JaffaCakes118
Size

1.2MB
MD5

2e7066406b7628cea4ad20998172e3d1
SHA1

0ecd2d2d9cf13618a4bb6458a5218848bcaf2463
SHA256

85b228f621f7e5739e04d705a6964f335c1e228d62850a9541c009ea42c8763b
SHA512

43c6fb8696d961222c9d1671767d1b1b682433a811f0b24c109211f2bc6339239da1c3b5dfca2d71fdd3de3afc78b63fc1e0130716a5942044f09164fe71207b
SSDEEP

12288:wCSeBxyGdpWe8XRMxCeDjlDwIQC9P0xq3jM8gS+LqmipLv2MbQiNt:wvQgACXWxCyBNQC8xqzM69n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e7066406b7628cea4ad20998172e3d1_JaffaCakes118

Files

2e7066406b7628cea4ad20998172e3d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ea6660005407ac165d8a15d2452a19dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMonitorInfoW
FindWindowExW
IsRectEmpty
FillRect
GetSysColor
WindowFromPoint
MessageBoxW
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
SetScrollRange
LockWindowUpdate
BeginPaint
UpdateWindow
DrawTextW
GetSubMenu
EnableMenuItem
GetSystemMenu
IsWindowEnabled
GetActiveWindow
IsIconic
EndDeferWindowPos
CreateWindowExW
PostMessageW
DispatchMessageW

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW

kernel32

CreateDirectoryW
FindFirstFileW
GetSystemDirectoryW
CompareStringW
GetStringTypeW
CreateMutexW
CloseHandle
FindClose
HeapAlloc
SetEndOfFile
WriteFile
SetHandleCount
WaitForMultipleObjects
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
GetLastError
HeapSize
VirtualAlloc
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
CreateFileMappingW
EnterCriticalSection
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
GetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

crypt32

CryptMsgUpdate
CryptBinaryToStringW
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CryptHashPublicKeyInfo
CryptExportPKCS8
CryptExportPublicKeyInfo
CertFindExtension
CertVerifyTimeValidity
CertGetPublicKeyLength
CertGetEnhancedKeyUsage
CertControlStore
CertAddStoreToCollection
CertFreeCTLContext
CertAddEncodedCertificateToStore
CertFreeCRLContext
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptMsgGetParam
CryptFindOIDInfo
CryptDecodeObject
CryptDecodeObjectEx
CryptEncodeObject

comctl32

ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_DragEnter
ImageList_DragMove
ImageList_SetIconSize
ImageList_GetImageInfo
ImageList_Add
ImageList_SetBkColor

setupapi

CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_Property_ExW
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupOpenFileQueue
SetupGetFieldCount
SetupCloseInfFile

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 742KB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea6660005407ac165d8a15d2452a19dd

Headers

File Characteristics

Imports

user32

advapi32

kernel32

crypt32

comctl32

setupapi

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 742KB - Virtual size: 8.0MB

.rsrc Size: 382KB - Virtual size: 382KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 742KB - Virtual size: 8.0MB

.rsrc
Size: 382KB - Virtual size: 382KB