b2f8e19bde19f2d8143ddcdee10a7767_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2f8e19bde19f2d8143ddcdee10a7767_JaffaCakes118
Size

1.4MB
MD5

b2f8e19bde19f2d8143ddcdee10a7767
SHA1

52a5f667d7b96e160266d65b1211cd6660fe2cef
SHA256

efaeb4f67098b6d31bf038430b808068730773f29b2c74c179e10bd60c18ced3
SHA512

03618d4f8c3c12f7068bccc09c38e709719ed4a3cc2f5596f16d1c1fe2ec35aa0185e235307cde9cb0a512382a2335544f0e4b65501d7c178de4e39e92695b33
SSDEEP

24576:iuk1IvjahMsyLHj1j0G2q6GiimLX6942UIZi3lWX9VmpDQ1:ieCyLHBgV764gi3oXvm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2f8e19bde19f2d8143ddcdee10a7767_JaffaCakes118

Files

b2f8e19bde19f2d8143ddcdee10a7767_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bb1271876df3b90c17487b07b6201aaf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

RegisterGPNotification
LeaveCriticalPolicySection
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
VirtualAlloc
GetLastError
LeaveCriticalSection
DeleteCriticalSection
ReadFile
CloseHandle
lstrcmpiW
LoadLibraryExW
ExpandEnvironmentStringsW
DeleteFileW
FindNextFileW
GetStringTypeW
GetConsoleCP
FlushFileBuffers
LCMapStringW
HeapSize
HeapReAlloc
HeapAlloc
OutputDebugStringW
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapFree
EnterCriticalSection
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
WriteFile
GetCommandLineW
SetLastError
CreateFileW
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW

secur32

GetUserNameExW

uxtheme

EnableThemeDialogTexture
DrawThemeBackground

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHFileOperationW
ExtractIconExW
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderLocation

ole32

CoTaskMemFree
CLSIDFromProgID
CoGetMalloc

shlwapi

PathSkipRootW
PathRemoveFileSpecW
PathRemoveBackslashW
PathParseIconLocationW
PathIsURLW
PathIsUNCServerW
PathIsUNCW
PathIsRootW
PathFindExtensionW
PathStripToRootW
PathAddBackslashW
SHStrDupW
StrRetToBufW
StrStrW
StrRChrW
StrPBrkW
StrFormatByteSizeW
StrCmpNW
StrChrIW
UrlUnescapeW
UrlEscapeW
SHDeleteEmptyKeyW
SHDeleteKeyW
SHDeleteValueW
AssocCreate
AssocQueryStringW
PathCombineW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb1271876df3b90c17487b07b6201aaf

Headers

File Characteristics

Imports

userenv

kernel32

secur32

uxtheme

shell32

ole32

shlwapi

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 19KB - Virtual size: 6.2MB

.idata Size: 3KB - Virtual size: 3KB

.xdata Size: 1024B - Virtual size: 724B

.rsrc Size: 11KB - Virtual size: 12KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 19KB - Virtual size: 6.2MB

.idata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 1024B - Virtual size: 724B

.rsrc
Size: 11KB - Virtual size: 12KB