a2d644ddb0613f3d21212cb030723f67_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a2d644ddb0613f3d21212cb030723f67_JaffaCakes118
Size

563KB
MD5

a2d644ddb0613f3d21212cb030723f67
SHA1

c4b339b3a57b329c089c668809e95f962e6d2f25
SHA256

50febf6c214953234753525e48313014170b4222e42140d1d4373e3458989e65
SHA512

6a417934117950fa26d6183259cb0a84f4e471fc46420b0fdd0e94cd74786277714e53aca8e15855546088e9857740ad34df5a30950a4eab8b2c1732f4e34660
SSDEEP

12288:DF8YkIibLrzW006prpb5Vog+/GTq2BZLI+Hqb5N9:6+Wrzx0WHWgcqzvLu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a2d644ddb0613f3d21212cb030723f67_JaffaCakes118

Files

a2d644ddb0613f3d21212cb030723f67_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7cc3cac12b6ffbf8fa52d8e4c392884

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_UP_SYSTEM_ONLY

Imports

kernel32

GetStartupInfoA
GetLastError
GetLongPathNameW
GetProcAddress
GlobalFree
LoadLibraryA
Process32Next
CreateIoCompletionPort
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
GetCurrentProcessId
SuspendThread
ResumeThread
CreateThread
SetEnvironmentVariableA
CompareStringW
CreateFileW
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
OutputDebugStringW
OutputDebugStringA
WaitForSingleObject
SetFilePointer
WriteConsoleW
SetStdHandle
RtlUnwind
CreateDirectoryA
LoadLibraryW
IsValidCodePage
GetCPInfo
TerminateThread
GetACP
HeapFree
HeapQueryInformation
HeapSize
HeapReAlloc
HeapAlloc
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
QueryPerformanceCounter
SetLastError
TlsFree
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetFileAttributesA
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
FlushFileBuffers
SetConsoleTitleA
SetThreadPriority
MultiByteToWideChar
lstrcatA
TerminateProcess
CreateProcessA
GetConsoleWindow
GetExitCodeProcess
Sleep
GetConsoleTitleA
GetCurrentThread
ExitProcess
GetModuleHandleW
RaiseException
DecodePointer
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
IsBadReadPtr
HeapValidate
GetTickCount
GetOEMCP
GetQueuedCompletionStatus
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection

user32

LoadCursorA
FindWindowA
ShowScrollBar
DrawMenuBar
ShowWindow
EnumDisplayDevicesA
GetClassLongA
SetWindowTextA
BeginDeferWindowPos
DestroyWindow
SetCursor
GetSystemMenu
SetTimer
RegisterClassExA
PostQuitMessage
FillRect
SetCapture
KillTimer
GetParent
LoadIconA
wsprintfA
SetWindowPos
GetClientRect
GetWindowTextLengthA
SendMessageA
GetDC
GetMenu
OffsetRect
GetWindowTextA
SetWindowLongA
MessageBoxA
GetWindowLongA
CreateWindowExA
ReleaseDC
EnableMenuItem
SetClassLongA
DefWindowProcA

gdi32

GetDeviceCaps
CreateDCA
DeleteObject
SelectObject
CreateSolidBrush
EnumFontsA
DeleteDC

comdlg32

PrintDlgA

shell32

DragQueryFileA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysStringLen
OleLoadPicture

ws2_32

WSAGetLastError
WSASend
WSARecv
closesocket

comctl32

ord6
ImageList_Create

msi

ord178

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.defdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jave
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7cc3cac12b6ffbf8fa52d8e4c392884

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

ws2_32

comctl32

msi

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 9KB - Virtual size: 16KB

.defdata Size: 276KB - Virtual size: 275KB

.jave Size: 7KB - Virtual size: 7KB

.wdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 85KB - Virtual size: 84KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 9KB - Virtual size: 16KB

.defdata
Size: 276KB - Virtual size: 275KB

.jave
Size: 7KB - Virtual size: 7KB

.wdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 85KB - Virtual size: 84KB