020a9317514f69a11b925bfc8a01234d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

020a9317514f69a11b925bfc8a01234d_JaffaCakes118
Size

401KB
MD5

020a9317514f69a11b925bfc8a01234d
SHA1

81de611b7f4483c2cb9533b2084b3ecbe1f109a3
SHA256

88423ca73052c335ff0dc1bc92c1ed456e1b8c606b832bc9f9612785b1731f62
SHA512

83325b369c57d69d33aa95a60ef9ba5b158b243bd19ad9f16a93d943d69bd7e4ea86bc67b6ce31875b58a56e4517ee05cdbd0f1ef42e0e4f707d8764c7662c77
SSDEEP

12288:R75X5zc6c55zyRLssJgL4fhyjvBiTXAT:BLc6c55+kDJkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
020a9317514f69a11b925bfc8a01234d_JaffaCakes118

Files

020a9317514f69a11b925bfc8a01234d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50e2912e3decfa65b90783548e7c62bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallMsgFilterW
SetWindowLongA
GetClassLongA
EnumClipboardFormats
IsZoomed
KillTimer
ToAscii
InsertMenuItemA

advapi32

DuplicateTokenEx
RegConnectRegistryA
CryptEnumProviderTypesW
RegQueryValueW
CryptAcquireContextW
CryptHashData
RegOpenKeyExW
RegQueryValueExW

wininet

InternetCanonicalizeUrlA
InternetCrackUrlW
FtpDeleteFileW
FtpSetCurrentDirectoryW
InternetSetDialState
LoadUrlCacheContent
InternetFindNextFileA
InternetShowSecurityInfoByURL
UnlockUrlCacheEntryFile
GetUrlCacheEntryInfoExA
CreateUrlCacheContainerA
GetUrlCacheHeaderData
InternetDialA
InternetAutodial
InternetReadFileExA
InternetOpenUrlW
FtpGetCurrentDirectoryA
ReadUrlCacheEntryStream
UnlockUrlCacheEntryStream
InternetGetCertByURL
HttpSendRequestA
CommitUrlCacheEntryA

gdi32

UpdateICMRegKeyA
GetROP2
FillRgn
DeleteMetaFile
CreateDiscardableBitmap
GetAspectRatioFilterEx

kernel32

InitializeCriticalSection
LCMapStringW
LeaveCriticalSection
LCMapStringA
InterlockedExchange
GetCurrentProcessId
GetProcAddress
HeapSize
GetTimeFormatA
FindFirstFileExA
GetFileType
CreateFileMappingW
GetDateFormatA
GetCPInfo
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetProfileStringA
GetStringTypeA
SetEnvironmentVariableA
LoadLibraryA
TlsAlloc
RtlUnwind
RtlFillMemory
EnterCriticalSection
IsBadWritePtr
SetLastError
GetModuleFileNameA
LocalShrink
VirtualQuery
IsValidCodePage
WritePrivateProfileStructA
CompareStringA
IsValidLocale
GetEnvironmentStrings
GetStartupInfoA
GetLocaleInfoW
TlsGetValue
GetVersionExA
GetStdHandle
GetCurrentThreadId
DeleteCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetLastError
EnumResourceNamesW
HeapAlloc
WideCharToMultiByte
CompareStringW
WriteFile
GetCommandLineA
MultiByteToWideChar
SuspendThread
GetCurrentThread
EnumSystemLocalesA
ExitThread
GetLocaleInfoA
GetEnvironmentStringsW
GetSystemInfo
GetTickCount
TlsSetValue
UnhandledExceptionFilter
EnumResourceTypesW
SetHandleCount
GetModuleHandleA
SetLocalTime
RaiseException
TerminateProcess
VirtualProtect
HeapDestroy
GetShortPathNameA
HeapReAlloc
VirtualAlloc
GetACP
GetCurrentProcess
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
GetUserDefaultLCID
EnumResourceLanguagesA
QueryPerformanceCounter
GetProcessAffinityMask
TlsFree
HeapCreate
GetOEMCP

comdlg32

ChooseFontA
ChooseColorW
PrintDlgW
ReplaceTextW
GetFileTitleA

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 271KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e2912e3decfa65b90783548e7c62bf

Headers

File Characteristics

Imports

user32

advapi32

wininet

gdi32

kernel32

comdlg32

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 271KB - Virtual size: 301KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 271KB - Virtual size: 301KB

.rsrc
Size: 12KB - Virtual size: 12KB