Static task: static1
Behavioral task: behavioral1
Sample: 620a73e9690d5d16b25f29c4ce504d96JaffaCakes118.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: 620a73e9690d5d16b25f29c4ce504d96JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
- Target: 620a73e9690d5d16b25f29c4ce504d96JaffaCakes118
- Size: 108KB
- MD5: 620a73e9690d5d16b25f29c4ce504d96
- SHA1: b394b7cf4921dd38800ecd6ac76ad9d9720a4154
- SHA256: c359659e8b70bb81babd4817af949562b34d2c46fb018a7b9cc726f475c16e02
- SHA512: 28830f6262ff374ade25433ee9d88f519ea7cc1d0f78a9dabd9eb36fc16aea4aba9159f9d76be744e92ab9dfa62202898d3fa9fffbe674e3a9361d83e7ae5b43
- SSDEEP: 1536:amBs4QBip3sCXOlywLkiVXGKniwJxxxP1zC4Ha5Oh+w87ui2uCcEuWHeN:ar4Q8JsCedLXLrJ7x9zn/87TTCNuWHo
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  Processes: resource 620a73e9690d5d16b25f29c4ce504d96JaffaCakes118
Files
- 620a73e9690d5d16b25f29c4ce504d96JaffaCakes118.exe windows:4 windows x86 arch:x86
  e2f1000d31e7cde9a46e9f5b1a56321c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCommState
GetStringTypeExW
_lopen
GetGeoInfoA
gdi32
Ellipse
SetWorldTransform
SetPixel
GetTextFaceA
CopyEnhMetaFileW
GetTextCharsetInfo
Polygon
GetEnhMetaFileHeader
CloseEnhMetaFile
SaveDC
PatBlt
PlayEnhMetaFile
CreatePen
CreateFontA
GetEnhMetaFileBits
ExtFloodFill
ExtCreateRegion
GetTextMetricsA
EndPage
CreateBitmap
SetTextCharacterExtra
GetTextExtentPoint32W
GetClipBox
GdiFlush
StartPage
GetObjectA
CreateRoundRectRgn
LPtoDP
CreateDCA
SelectClipRgn
GetObjectW
SetRectRgn
RestoreDC
advapi32
LsaFreeMemory
InitializeSid
RegUnLoadKeyW
CopySid
RevertToSelf
GetAce
RegCreateKeyW
AddAce
GetKernelObjectSecurity
RegCreateKeyA
SetSecurityDescriptorSacl
RegisterEventSourceA
RegSetValueExA
RegQueryValueW
AllocateAndInitializeSid
RegDeleteKeyA
RegOpenKeyExA
SetEntriesInAclW
LookupAccountNameW
QueryServiceConfigW
CreateProcessAsUserW
SetSecurityDescriptorOwner
CloseServiceHandle
RegSetValueExW
GetSidSubAuthorityCount
StartServiceCtrlDispatcherW
StartServiceA
RegCreateKeyExW
RegQueryValueA
OpenSCManagerA
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegConnectRegistryA
LsaQueryInformationPolicy
RegOpenKeyExW
urlmon
HlinkGoForward
URLOpenPullStreamW
MkParseDisplayNameEx
HlinkSimpleNavigateToString
IsLoggingEnabledA
URLDownloadToCacheFileW
HlinkNavigateString
WriteHitLogging
CreateAsyncBindCtxEx
RegisterFormatEnumerator
CoInternetCreateSecurityManager
CreateAsyncBindCtx
RegisterMediaTypeClass
CoInternetCreateZoneManager
CoInternetGetSecurityUrl
HlinkNavigateMoniker
RegisterMediaTypes
CoInternetParseUrl
URLOpenBlockingStreamW
RevokeBindStatusCallback
GetClassFileOrMime
ReleaseBindInfo
IsAsyncMoniker
CoInternetQueryInfo
IsValidURL
CoInternetGetSession
Sections
.text Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ