2ff950cbf94053abb2461fabd0358e7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ff950cbf94053abb2461fabd0358e7e_JaffaCakes118
Size

930KB
MD5

2ff950cbf94053abb2461fabd0358e7e
SHA1

f0405fbed617d8ad11780158df4771a801b5d2a3
SHA256

2bb126d45eb58a5f6fe7fd6a1c45e39bd914382bf5230590d9f45854695ac258
SHA512

582d8c47d750d4a5c75b8c596d280a8703fefc18ae9fd452f668a4222096fc6e340733bab8c7d21e66bcb10307ecebb78e8a05c9ec48c097b277328537f43401
SSDEEP

12288:IqtInDmCqcXYJ1IFMpIchx6zwm2xYPRbgmHoEA3zaG5KTXXy0NNclBTgWVFYBkUS:ztIDQ7n+72YX0HaBkopnW73j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ff950cbf94053abb2461fabd0358e7e_JaffaCakes118

Files

2ff950cbf94053abb2461fabd0358e7e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b7c574b1fcc4f1248e69446086b515a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
Process32NextW
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetLastError
GetModuleFileNameA
WinExec
GetVersionExW
GetSystemDirectoryW
FreeLibrary
GetDriveTypeW
SleepEx
SystemTimeToFileTime
GetFileInformationByHandle
UnmapViewOfFile
LocalFileTimeToFileTime
SetFileTime
InterlockedCompareExchange
SetEvent
OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
GetCurrentThreadId
FlushFileBuffers
CreateEventW
ResetEvent
WaitForMultipleObjects
InterlockedDecrement
WaitForSingleObject
DuplicateHandle
QueryPerformanceCounter
CreateProcessW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FindResourceExW
SetFilePointer
ResumeThread
FormatMessageA
ExpandEnvironmentStringsA
VerifyVersionInfoW
VerSetConditionMask
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
PeekNamedPipe
SetFilePointerEx
GetConsoleCP
GetFileType
GetTimeZoneInformation
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
SetEndOfFile
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadFile
GetTempPathW
GetFileSize
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetTempFileNameW
DeleteFileW
MoveFileExW
SizeofResource
LockResource
LoadResource
FindResourceW
DecodePointer
CloseHandle
WriteFile
CreateFileW
CreateDirectoryW
lstrcpynW
GetFileAttributesW
GetModuleFileNameW
SetFileAttributesW
SetDllDirectoryW
WritePrivateProfileStringW
GetModuleHandleW
GetTickCount
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LoadLibraryExW
ExitThread
CreateThread
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetFullPathNameW
GetCommandLineW
GetSystemTimeAsFileTime
AreFileApisANSI
GetModuleHandleExW
ExitProcess
RtlUnwind
GetStringTypeW
EncodePointer
IsDebuggerPresent
GetCurrentDirectoryW
GetConsoleMode
GetExitCodeProcess
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
InterlockedIncrement

user32

RegisterWindowMessageW
SetTimer
DefWindowProcW
PostMessageW
FindWindowA
SendMessageTimeoutW
SendMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
CallWindowProcW
CreateWindowExW
IsWindow
DestroyWindow
KillTimer
GetWindowLongW
SetWindowLongW

advapi32

CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
RegOpenKeyExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyW
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CryptDestroyKey

shell32

SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW

shlwapi

PathAppendW
wnsprintfW
PathAddBackslashW
StrCmpNIW
PathFileExistsW
PathIsDirectoryW

wininet

InternetCloseHandle
InternetSetStatusCallbackW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFileExA

iphlpapi

GetAdaptersInfo

ws2_32

recvfrom
socket
freeaddrinfo
listen
accept
__WSAFDIsSet
WSAIoctl
gethostname
getpeername
getsockname
bind
connect
WSAGetLastError
ntohs
getaddrinfo
sendto
htons
WSASetLastError
select
WSAStartup
setsockopt
ioctlsocket
recv
send
WSACleanup
getsockopt
closesocket

wldap32

ord46
ord301
ord27
ord147
ord167
ord208
ord145
ord14
ord216
ord79
ord26
ord41
ord127
ord142
ord133
ord118

Sections

.text
Size: 635KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7c574b1fcc4f1248e69446086b515a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

wininet

iphlpapi

ws2_32

wldap32

Sections

.text Size: 635KB - Virtual size: 635KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 18KB - Virtual size: 33KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 34KB - Virtual size: 34KB

.text
Size: 635KB - Virtual size: 635KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 18KB - Virtual size: 33KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 34KB - Virtual size: 34KB