Static task
static1
Behavioral task
behavioral1
Sample
a905ad7596ca3cd75ed55492c794593d_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
a905ad7596ca3cd75ed55492c794593d_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
a905ad7596ca3cd75ed55492c794593d_JaffaCakes118
Size
960KB
MD5
a905ad7596ca3cd75ed55492c794593d
SHA1
21a6d8ca143d6301e25fc78c76c63fa9022e8115
SHA256
32065bf55a10e1adad632872a14f8ee341fed74d5f479b21fd5883030b799f25
SHA512
c31004f533bbb56f434d319212a5f72eda7c2a8f3510de4d55d55f5e16f85db731cd537456f1abc1a3f580cadd014844e7578820e553a5eaab2fb6e795830fc6
SSDEEP
12288:N+Mtl3H1jQfzS9MqsB5D1BMHdYUm9K0SrKEPWxYWSn5+zfkf1XoGWQacB3VTxLTX:N73Hxkz/SHdFS4WWn5P4GWQ9LTyH
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a905ad7596ca3cd75ed55492c794593d_JaffaCakes118
Files
a905ad7596ca3cd75ed55492c794593d_JaffaCakes118.exe windows:5 windows x86 arch:x86
7d2d309d5927318c895d6ced80dd2478
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
kernel32
GetFileType
SetEndOfFile
CloseHandle
MulDiv
lstrcmpW
lstrcmpiW
lstrlenW
TlsAlloc
LeaveCriticalSection
TlsFree
CreateMutexW
GetStartupInfoW
OutputDebugStringW
GetTempPathW
CreateFileW
QueryPerformanceCounter
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCurrentThreadId
GetEnvironmentStringsW
GetCurrentProcess
HeapFree
VirtualAlloc
GetVersion
GetProcAddress
TlsSetValue
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TerminateProcess
Sleep
WriteConsoleW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
WriteFile
GetModuleFileNameW
DeleteCriticalSection
GetStdHandle
GetProcessHeap
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetLastError
GetCommandLineW
comctl32
InitializeFlatSB
FlatSB_SetScrollPos
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_GetBkColor
CreatePropertySheetPageW
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
wininet
HttpOpenRequestW
shlwapi
SHAutoComplete
AssocCreate
SHSetValueW
UrlEscapeW
UrlUnescapeW
UrlIsW
UrlCanonicalizeW
PathStripToRootW
PathStripPathW
PathRemoveBlanksW
PathIsURLW
PathIsRelativeW
PathFindNextComponentW
PathCombineW
PathCanonicalizeW
PathBuildRootW
PathAppendW
PathAddBackslashW
SHStrDupW
StrRetToBufW
StrCmpIW
StrCmpW
StrToIntExW
StrStrIW
StrStrW
StrPBrkW
StrDupW
StrCmpNW
StrChrIW
PathCreateFromUrlW
oleaut32
VarBoolFromStr
VarNeg
VarNot
RegisterTypeLi
SetErrorInfo
CreateErrorInfo
VarBstrFromBool
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VarI4FromStr
VariantClear
VariantInit
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayRedim
SysStringLen
SysFreeString
SysReAllocStringLen
Sections
.text Size: 95KB - Virtual size: 94KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.7vlb Size: 840KB - Virtual size: 840KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ