632f8576ad6334bc60d49518636c20e0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

632f8576ad6334bc60d49518636c20e0_JaffaCakes118
Size

1.7MB
MD5

632f8576ad6334bc60d49518636c20e0
SHA1

e1642eff8f27f934582ed29d10d74408f4430473
SHA256

e7682d1f4b73cae727239e1f2c0fe500f512d9fccba6ac39a999d837ac3c29c1
SHA512

ede363a679e2ada3ec645e2784a6f1abf48a977aca10943835c6a0c1643adda1e70fd75f9b693cb599a1adf084df30cbddb693ef29ec319732e2b0a2b7f36069
SSDEEP

24576:X8Xha4pTqnl3PaCB4touS7oCI5yimY1PqlYbIOrWIeWGXAmCnHgP8:XW4AeFa4IGCWIAgAE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
632f8576ad6334bc60d49518636c20e0_JaffaCakes118

Files

632f8576ad6334bc60d49518636c20e0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c2c1d21f3be42117c29af967b51cc3c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

SetPortW
DeleteFormW

shell32

SHGetPathFromIDListW

user32

DdeFreeStringHandle
DdeGetLastError
WinHelpW
DrawIconEx
LoadCursorW
GetWindow
GetParent
InvertRect
GetSysColorBrush
DestroyCaret
AdjustWindowRect
CreateWindowExW
DrawTextW
TrackPopupMenu
InsertMenuW
GetMenuItemCount
MsgWaitForMultipleObjects
GetKBCodePage
GetNextDlgTabItem
SetDlgItemTextW
GetDlgItem
EndDialog
GetWindowTextW

ntdsapi

DsCrackNamesW

advapi32

RegCreateKeyExW
RegDeleteKeyW

wtsapi32

WTSEnumerateSessionsW

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
CloseHandle
HeapSize
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
LoadLibraryExW
HeapFree
LeaveCriticalSection
GetCPInfo
GetACP
IsValidCodePage
CreateFileW
WideCharToMultiByte
IsDebuggerPresent
IsProcessorFeaturePresent
LocalFree
VirtualAlloc
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
GetSystemInfo
lstrlenW
GetModuleHandleExW
FindResourceW
GetOEMCP
GetStringTypeW
GetCommandLineW
RaiseException
EncodePointer
GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 7.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.em3t8s
Size: 747KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.370i
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uoiyn
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2c1d21f3be42117c29af967b51cc3c1

Headers

File Characteristics

Imports

winspool.drv

shell32

user32

ntdsapi

advapi32

wtsapi32

kernel32

Sections

.text Size: 126KB - Virtual size: 125KB

.data Size: 245KB - Virtual size: 7.4MB

.idata Size: 3KB - Virtual size: 2KB

.xdata Size: 1024B - Virtual size: 724B

.em3t8s Size: 747KB - Virtual size: 747KB

.370i Size: 484KB - Virtual size: 484KB

.uoiyn Size: 127KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 126KB - Virtual size: 125KB

.data
Size: 245KB - Virtual size: 7.4MB

.idata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 1024B - Virtual size: 724B

.em3t8s
Size: 747KB - Virtual size: 747KB

.370i
Size: 484KB - Virtual size: 484KB

.uoiyn
Size: 127KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 4KB