101d9c05b6ae76d6aaf333e0ebb8f856_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

101d9c05b6ae76d6aaf333e0ebb8f856_JaffaCakes118
Size

843KB
MD5

101d9c05b6ae76d6aaf333e0ebb8f856
SHA1

b5af776babc0dcac81e9dd9fd8658ef96fba0c35
SHA256

1a3adf7bcbd60b355ba43af6b2e7fa9e6da64aa113a864331a3bbdf828d88758
SHA512

24928c54b090b704a463bbc711fc1a44eb6200e6329fccd718f1864bfe5ddec667ee03b1add14081ec4fb25ae3c589a8dae6ca4048e906867486159e202c441e
SSDEEP

12288:dhehrgoDSo+VqB1XADHJnu7eOPiStFxCNQuLBKZ9ikqEaA/KuuG0NY4m5kmyQIPS:d2FDSTY4dAeOPiSL5c095qrAv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
101d9c05b6ae76d6aaf333e0ebb8f856_JaffaCakes118

Files

101d9c05b6ae76d6aaf333e0ebb8f856_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d61c17b69b3b0cbe02cf7c0f4a328912

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

RealShellExecuteA
SHFreeNameMappings
ShellExecuteA

advapi32

CryptSignHashA
CryptExportKey
RegCreateKeyW
RegQueryMultipleValuesA
ReportEventW
RegDeleteValueA
CryptEnumProvidersA
RegNotifyChangeKeyValue
CryptContextAddRef
RegConnectRegistryA
LookupAccountNameA
LookupSecurityDescriptorPartsA
AbortSystemShutdownA
CreateServiceA
RegDeleteKeyW
LookupPrivilegeNameW
CryptImportKey
RegSetValueExW
CryptSetProviderExW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyW
CryptEnumProviderTypesA
RegSetValueA
LookupPrivilegeDisplayNameA

comctl32

ImageList_EndDrag
ImageList_BeginDrag
ImageList_LoadImageA
ImageList_LoadImage
ImageList_DragLeave
ImageList_Draw
CreatePropertySheetPage
ImageList_Replace
InitCommonControlsEx
CreateStatusWindowA
ImageList_ReplaceIcon
ImageList_DrawIndirect
DestroyPropertySheetPage
ImageList_Write
ImageList_SetBkColor
ImageList_LoadImageW
DrawStatusTextW
ImageList_SetOverlayImage

kernel32

UnhandledExceptionFilter
GetEnvironmentStringsW
InterlockedIncrement
WriteConsoleOutputW
GetStartupInfoW
IsBadWritePtr
MultiByteToWideChar
ExitProcess
GetLocalTime
GetEnvironmentStringsA
GetThreadTimes
SetHandleCount
ResetEvent
GetSystemTime
CommConfigDialogA
SetStdHandle
EnumDateFormatsW
EnterCriticalSection
TerminateProcess
GetLastError
LockFileEx
VirtualFree
LocalUnlock
lstrcpyW
LocalFree
FreeEnvironmentStringsA
SetEnvironmentVariableA
InterlockedExchange
WriteFile
HeapFree
GetModuleFileNameW
SetPriorityClass
CompareStringA
CreateMutexA
GetProcAddress
GetTimeZoneInformation
WideCharToMultiByte
QueryPerformanceCounter
TlsSetValue
WriteConsoleOutputCharacterW
GetConsoleCursorInfo
InitializeCriticalSection
GetWindowsDirectoryW
FlushInstructionCache
GetSystemDirectoryW
VirtualAlloc
HeapDestroy
WaitCommEvent
FreeEnvironmentStringsW
GetCurrencyFormatA
lstrlenA
SetConsoleTitleA
CompareStringW
OpenMutexA
TransmitCommChar
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
VirtualQuery
CloseHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetStdHandle
SetFileTime
DeleteCriticalSection
LoadLibraryA
GetCommandLineA
HeapCreate
HeapValidate
TlsAlloc
GetDiskFreeSpaceA
EnumCalendarInfoExW
LCMapStringA
ContinueDebugEvent
LeaveCriticalSection
UnmapViewOfFile
ReadConsoleOutputA
GetProfileIntA
WritePrivateProfileStructA
GetCurrentThreadId
TlsFree
GetVersion
GetCurrentProcessId
GetConsoleTitleA
SetSystemTime
GetModuleFileNameA
FillConsoleOutputAttribute
SetFilePointer
GetCurrentProcess
LocalAlloc
ConnectNamedPipe
GetPrivateProfileSectionNamesA
GetTickCount
FlushFileBuffers
InterlockedDecrement
GetCommandLineW
GetFileAttributesExW
AllocConsole
FoldStringW
lstrlenW
WriteConsoleOutputA
RtlUnwind
lstrcatW
FindFirstFileW
GetCPInfo
GetStartupInfoA
FindResourceExA
GetModuleHandleA
TlsGetValue
LCMapStringW
HeapAlloc
GetFileType
ReadFile
GetCurrentThread
GetStringTypeA
SetLastError
HeapReAlloc
GetEnvironmentStrings
GetAtomNameW

user32

GetClipboardSequenceNumber
DefWindowProcW
CharUpperBuffW
ShowCaret
GetMenuItemID
ShowWindow
RegisterClassExA
GetWindowPlacement
ReleaseCapture
GetKeyNameTextW
CharToOemBuffA
OpenClipboard
MessageBoxW
CreateWindowExA
GetGUIThreadInfo
LoadImageA
CharLowerA
WinHelpW
GetWindowLongA
DestroyWindow
OemToCharW
GetInputState
AppendMenuA
IsCharLowerW
GetThreadDesktop
CascadeChildWindows
TrackPopupMenuEx
RegisterClassA
UpdateWindow
DialogBoxParamW
EnableScrollBar

wininet

RegisterUrlCacheNotification
FtpPutFileW

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d61c17b69b3b0cbe02cf7c0f4a328912

Headers

File Characteristics

Imports

shell32

advapi32

comctl32

kernel32

user32

wininet

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 452KB - Virtual size: 451KB

.data Size: 128KB - Virtual size: 127KB

.rsrc Size: 92KB - Virtual size: 90KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 452KB - Virtual size: 451KB

.data
Size: 128KB - Virtual size: 127KB

.rsrc
Size: 92KB - Virtual size: 90KB