047bd779c253c4de8a95b35ab3f1c762_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

047bd779c253c4de8a95b35ab3f1c762_JaffaCakes118
Size

437KB
MD5

047bd779c253c4de8a95b35ab3f1c762
SHA1

45a5314c207621c011c2238e03a0272d68fe548c
SHA256

b8f931486aa95bb79d47190793e9145c83d615ad367ccf1286ad29ec091b5848
SHA512

ffd9f5855478c43f8b637cfecd838eac8c504e2f2d84531e353a5f44517af78d1af5e6e851c57c7a392960d67d2c57b7484e6470789b771d649cbc0f9be54bc1
SSDEEP

12288:iCaTG59YYYuGF0z6gJ9sqinDyZHyaJOAXoDBg3:LD597YBF6JJ9+G1ysOAT3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047bd779c253c4de8a95b35ab3f1c762_JaffaCakes118

Files

047bd779c253c4de8a95b35ab3f1c762_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc8b790fa548f7f4fd5f3792f766151e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGenRandom
RegNotifyChangeKeyValue
RegQueryValueExW
InitiateSystemShutdownA
CryptEnumProviderTypesA
RegEnumKeyW
CryptDecrypt
StartServiceA
CryptGetDefaultProviderA
RegReplaceKeyW
LookupPrivilegeDisplayNameA
LogonUserW
CryptEncrypt
RegSaveKeyA
CryptHashSessionKey
CryptSetProviderExW
CryptCreateHash

comdlg32

PrintDlgW
GetSaveFileNameA
PageSetupDlgW
GetFileTitleW
GetOpenFileNameW
PageSetupDlgA
ReplaceTextW
ChooseFontW
LoadAlterBitmap
FindTextA
PrintDlgA
ChooseColorA
FindTextW
GetOpenFileNameA
ReplaceTextA
ChooseFontA
GetSaveFileNameW
GetFileTitleA

wininet

InternetAlgIdToStringA
InternetTimeFromSystemTimeW
InternetCombineUrlW
InternetAttemptConnect
InternetShowSecurityInfoByURL
InternetConfirmZoneCrossingA
InternetSetOptionExA
InternetSetDialStateW
SetUrlCacheEntryGroupA
FtpDeleteFileW
GetUrlCacheHeaderData
GopherCreateLocatorA
CommitUrlCacheEntryW
InternetGetCertByURL
RetrieveUrlCacheEntryStreamA
InternetQueryOptionW
InternetQueryFortezzaStatus
GetUrlCacheGroupAttributeW
FindFirstUrlCacheContainerA

shell32

SHGetDesktopFolder
DragQueryFileA
SheSetCurDrive
SHGetDataFromIDListA
ExtractIconA
SHFormatDrive
InternalExtractIconListA
FreeIconList
SHGetSettings
SHFileOperationA
SHFileOperation
SHGetDataFromIDListW
DragQueryFile
DragQueryFileAorW
ExtractIconW
SHGetPathFromIDListW
ExtractAssociatedIconExA
RealShellExecuteExW
SHGetInstanceExplorer

kernel32

GetEnvironmentStringsW
ExitProcess
HeapReAlloc
IsValidCodePage
TlsSetValue
QueryPerformanceCounter
EnterCriticalSection
InterlockedExchange
LoadLibraryA
RtlZeroMemory
SetConsoleCtrlHandler
SetHandleCount
CompareStringA
GetProcAddress
MultiByteToWideChar
GetCurrentThread
SetLastError
LCMapStringA
VirtualFree
GetTickCount
GetModuleHandleW
GetLocaleInfoA
GetSystemTimeAsFileTime
GetModuleHandleA
VirtualQuery
HeapFree
DeleteCriticalSection
GetLocaleInfoW
VirtualAlloc
InterlockedIncrement
GetStringTypeA
GetUserDefaultLCID
WideCharToMultiByte
GetEnvironmentStrings
GetCPInfo
InterlockedDecrement
lstrcmp
GetStringTypeW
GetLastError
TlsGetValue
HeapCreate
GetModuleFileNameA
Sleep
GetOEMCP
TlsFree
FreeEnvironmentStringsA
GetCommandLineW
GetDateFormatA
LeaveCriticalSection
LCMapStringW
GetTimeFormatA
GetStartupInfoA
HeapAlloc
RtlUnwind
GetCurrentThreadId
HeapSize
GetTimeZoneInformation
IsValidLocale
UnhandledExceptionFilter
HeapDestroy
IsDebuggerPresent
EnumSystemLocalesA
GetStdHandle
CompareStringW
SetUnhandledExceptionFilter
GetACP
GetFileType
GetCommandLineA
TerminateProcess
FreeEnvironmentStringsW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
WriteFile
SetEnvironmentVariableA
TlsAlloc
InitializeCriticalSectionAndSpinCount

user32

GetSysColor
AdjustWindowRectEx
LoadAcceleratorsA
EnumDisplaySettingsExA
GetWindowRgn
UnregisterDeviceNotification
UnionRect
ChangeDisplaySettingsW
EnumChildWindows

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc8b790fa548f7f4fd5f3792f766151e

Headers

File Characteristics

Imports

advapi32

comdlg32

wininet

shell32

kernel32

user32

Sections

.text Size: 149KB - Virtual size: 148KB

.data Size: 280KB - Virtual size: 287KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 149KB - Virtual size: 148KB

.data
Size: 280KB - Virtual size: 287KB

.rsrc
Size: 6KB - Virtual size: 6KB