14d2d228f9c3532d6585e93b71600009_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14d2d228f9c3532d6585e93b71600009_JaffaCakes118
Size

2.0MB
MD5

14d2d228f9c3532d6585e93b71600009
SHA1

9c28e60fb2adf28e6613bbda040c1f978347a7a7
SHA256

3855be33220e8951533f60277a85ddc48b02c768ee82f65ed5983b5e18e089f5
SHA512

02d3ab2a07803deff956e6049c567a8a7f5a38356c8c7c4a014dbbe4ca31ec4e803b766819fa31146fc0736dfba89a5859486b6e75a45d4f12dc39ef4657278d
SSDEEP

49152:FhqppmjCSR1md4tnNgu+hxwQrviwWpRQR1Ue82l3hyn:WppACSbNL+4ivveeKn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14d2d228f9c3532d6585e93b71600009_JaffaCakes118

Files

14d2d228f9c3532d6585e93b71600009_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d180e76c483e47b826a8bb72f93038d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetBinaryTypeW
GetCurrentThread
VirtualFree
GetProcessHeap
ExitProcess
GetCurrentProcess
GetModuleHandleA
VirtualAlloc
HeapAlloc
GetThreadLocale

user32

GetMenuInfo
SetScrollInfo
RegisterDeviceNotificationA
CharPrevExA
LoadKeyboardLayoutEx
GetDlgItemTextA
DlgDirListW
FindWindowA
GetCaretBlinkTime
DdeCmpStringHandles

version

VerLanguageNameW
VerFindFileA
GetFileVersionInfoW
VerFindFileW
VerLanguageNameA
VerQueryValueW
GetFileVersionInfoA
VerInstallFileW
VerInstallFileA
VerQueryValueA

comctl32

UninitializeFlatSB

gdi32

GdiSetLastError
GdiSetPixelFormat
GdiEntry15
SetArcDirection
SetROP2
SetSystemPaletteUse
EngAcquireSemaphore

advapi32

BuildImpersonateExplicitAccessWithNameW
GetLocalManagedApplications
WmiSetSingleItemA

ole32

CreatePointerMoniker
HBRUSH_UserSize
DllRegisterServer
CoInitialize
IsAccelerator
HWND_UserUnmarshal
CoRegisterMessageFilter

msvcrt

_futime
__toascii
_CIexp
_wrmdir
_mbsnbcpy
_wexecvpe

ntdll

RtlAreAnyAccessesGranted
NtReadRequestData
NtAllocateVirtualMemory
RtlInitializeResource
RtlInitString
NtSetTimer
RtlInt64ToUnicodeString
NtAccessCheckByTypeResultListAndAuditAlarmByHandle

Sections

.text
Size: 10KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 876KB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d180e76c483e47b826a8bb72f93038d5

Headers

File Characteristics

Imports

kernel32

user32

version

comctl32

gdi32

advapi32

ole32

msvcrt

ntdll

Sections

.text Size: 10KB - Virtual size: 11KB

.data Size: 876KB - Virtual size: 6.1MB

.idata Size: 1.0MB - Virtual size: 1.0MB

.tls Size: 7KB - Virtual size: 7KB

.rsrc Size: 74KB - Virtual size: 73KB

.text
Size: 10KB - Virtual size: 11KB

.data
Size: 876KB - Virtual size: 6.1MB

.idata
Size: 1.0MB - Virtual size: 1.0MB

.tls
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 74KB - Virtual size: 73KB