Static task
static1
Behavioral task
behavioral1
Sample
a65f15ee8e199aa6e93fabd16dd4e5a6_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a65f15ee8e199aa6e93fabd16dd4e5a6_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target: a65f15ee8e199aa6e93fabd16dd4e5a6_JaffaCakes118
Size: 837KB
MD5: a65f15ee8e199aa6e93fabd16dd4e5a6
SHA1: 954c449a184ae3d58bd4e0caa9908c23a7dd1a8a
SHA256: 6f692e38b9418dd311f7adcf9b248c1b00c591f6d0b9d166b9872443e85d3714
SHA512: 485152920b7f98b383cf4929886486a1c5ae54e9919bde40da053846a4aa495c0204d01e1ee3868438ba7d385aa53899e77881310c8207abda1be2f1de8c6ccb
SSDEEP: 24576:s6WN5xlm+dHofGX19EkBKoq3IiwyAwCd0vDGGCX2u:kLftDCvAw68u
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a65f15ee8e199aa6e93fabd16dd4e5a6_JaffaCakes118
Files
a65f15ee8e199aa6e93fabd16dd4e5a6_JaffaCakes118.exe windows:5 windows x86 arch:x86
c83014d602a9fb453d842f3ebaa75ece
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winspool.drv
ConfigurePortW
user32
DdeConnect
InflateRect
FrameRect
ScreenToClient
DestroyCaret
GetDC
crypt32
CryptEncodeObject
CertFreeCertificateContext
CertAddEncodedCertificateToStore
CertFreeCTLContext
CertControlStore
CryptHashPublicKeyInfo
CertGetNameStringW
CertGetCertificateChain
CryptBinaryToStringW
CryptDecodeObject
kernel32
CloseHandle
GetCommProperties
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FormatMessageW
lstrcmpiW
WriteFileGather
GetModuleHandleW
GetCommandLineW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileAttributesW
BindIoCompletionCallback
OpenJobObjectW
GetACP
GetCPInfo
WideCharToMultiByte
LCMapStringW
GetStringTypeW
GetConsoleWindow
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GlobalLock
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetFileShortNameW
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
HeapAlloc
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
LCMapStringA
GetStringTypeA
InterlockedDecrement
InterlockedIncrement
GetVersion
GetProcAddress
ReadFile
WriteFile
GetFileSize
LoadResource
WaitForMultipleObjects
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
VirtualAlloc
LocalFree
UnhandledExceptionFilter
comctl32
FlatSB_SetScrollProp
FlatSB_SetScrollPos
_TrackMouseEvent
CreateStatusWindowW
CreateToolbarEx
ImageList_GetImageInfo
ImageList_Write
ImageList_DragMove
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_Remove
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_GetImageCount
ord17
PropertySheetW
ImageList_DragLeave
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 7.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.ao38 Size: 756KB - Virtual size: 756KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ