65850b1967d55b661db5a80112645363_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65850b1967d55b661db5a80112645363_JaffaCakes118
Size

3.2MB
MD5

65850b1967d55b661db5a80112645363
SHA1

9fbf76e725217b14ff9aa2aac6c8c6d31b5a117c
SHA256

6770fa7f67f18cd3de530289d6ac57d192e401cc1aa66a4cddb4a9a5808eb959
SHA512

f793084075acc91c19f10b3f218fe1c46ca66ec2bccf949ebed0b16ce69c48f5a9653bd9d1c3a7e287c913375b72fd9224a5c7ec4e6630d69897e2f891e533f0
SSDEEP

12288:xzzIn4OiaBCK4Kl2//I6htcCdS9QcRd2JT1stEGmeaIKOM5w6cmZvPK5bVcfv0Qz:xzTOVH4X1HJStE3BpG23Kxun0QYivaw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
65850b1967d55b661db5a80112645363_JaffaCakes118

Files

65850b1967d55b661db5a80112645363_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2d2916be16a5d61eab67c95c6bc8187e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
GetCurrentThreadId
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetModuleHandleW
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
HeapFree
RtlUnwind
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
CloseHandle
CreateFileW
IsProcessorFeaturePresent
RaiseException
GetCommandLineW
GetConsoleWindow
GetCPInfo
BuildCommDCBW
FindNextFileW
FindFirstFileW
OutputDebugStringW
LoadLibraryExW
CreateEventW
FormatMessageW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MulDiv
SetFilePointerEx
SetEndOfFile
ReadFile
WaitForMultipleObjects
ReleaseSemaphore
FreeEnvironmentStringsW
VirtualAlloc
LocalAlloc
GlobalAlloc

user32

DdeCreateDataHandle
ActivateKeyboardLayout
DefWindowProcW
GetWindowPlacement
UnpackDDElParam
GetMenuBarInfo
GetCursorInfo
GetScrollInfo
CopyIcon
CreateIcon
FindWindowExW
FillRect
GetClipCursor
GetWindowTextW
ShowScrollBar
DrawTextW
EndMenu
GetMenuItemID
ToAsciiEx
CharLowerW
GetDialogBaseUnits
CheckDlgButton
GetDlgItemInt

advapi32

RegQueryInfoKeyW

mprapi

MprConfigServerDisconnect
MprConfigTransportDelete
MprConfigInterfaceDelete
MprConfigInterfaceGetHandle

winspool.drv

EndPagePrinter
AddFormW

crypt32

CryptEncodeObject
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertOpenStore
CertEnumCertificatesInStore
CertCreateCertificateContext
CertSetCertificateContextProperty
CertGetCertificateContextProperty
CertAddEncodedCertificateToStore
CertAddCertificateContextToStore
CertFreeCTLContext
CertControlStore
CertGetPublicKeyLength
CryptHashCertificate
CertFindExtension
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CryptHashPublicKeyInfo
CryptProtectData
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 787KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.16a4d3
Size: 780KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7055
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hl6yl
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.o79lo
Size: 215KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d2916be16a5d61eab67c95c6bc8187e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

mprapi

winspool.drv

crypt32

Sections

.text Size: 104KB - Virtual size: 103KB

.data Size: 787KB - Virtual size: 7.1MB

.idata Size: 4KB - Virtual size: 3KB

.xdata Size: 1024B - Virtual size: 724B

.16a4d3 Size: 780KB - Virtual size: 780KB

.7055 Size: 682KB - Virtual size: 682KB

.hl6yl Size: 387KB - Virtual size: 387KB

.o79lo Size: 215KB - Virtual size: 214KB

.rsrc Size: 362KB - Virtual size: 362KB

.text
Size: 104KB - Virtual size: 103KB

.data
Size: 787KB - Virtual size: 7.1MB

.idata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 1024B - Virtual size: 724B

.16a4d3
Size: 780KB - Virtual size: 780KB

.7055
Size: 682KB - Virtual size: 682KB

.hl6yl
Size: 387KB - Virtual size: 387KB

.o79lo
Size: 215KB - Virtual size: 214KB

.rsrc
Size: 362KB - Virtual size: 362KB