14e8d2ca1f6abdf744dcc20ec2f4d094_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14e8d2ca1f6abdf744dcc20ec2f4d094_JaffaCakes118
Size

235KB
MD5

14e8d2ca1f6abdf744dcc20ec2f4d094
SHA1

31d91e7feee0e3de4e5e31cbc7c6f46577c943d4
SHA256

1e495368761672881b0a28d5baf828d9bdc99facd6119dfa951207ad250bbdf8
SHA512

239417ffde4851cff8ba2f9964bfd7c967c3018aa20ad901d5b65b543512aa3a75130651a4ff24ccd6c2ec0ad8392b0f094963c3706b7fe4085f7af7f2e98ac0
SSDEEP

3072:MDbzhrPaBHMr7I9cQcsYhG80ZDagFw3VFN/FVOYu/Heda6g0cl/7zCpXWGtDqIzU:MTpCWgcQVjL2VTr+/bvjzd+F0Pt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e8d2ca1f6abdf744dcc20ec2f4d094_JaffaCakes118

Files

14e8d2ca1f6abdf744dcc20ec2f4d094_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fe557c659bf4d51b3b3aee559534c858

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
CryptEnumProvidersW
RegConnectRegistryW
LookupAccountNameW
RegSetValueExW
CryptEnumProviderTypesA
CryptSetKeyParam
CryptVerifySignatureW
AbortSystemShutdownW
CryptEnumProvidersA
CryptSignHashA
RegCreateKeyW
RegLoadKeyA
CryptGenRandom
RegQueryValueExA
RegSetValueA
CryptSetProviderA
CryptGetDefaultProviderW
RegEnumKeyExW
RegDeleteValueW
RegReplaceKeyA
CryptGenKey
InitiateSystemShutdownW
RegEnumKeyW
LogonUserW

shell32

SHGetInstanceExplorer
ShellExecuteA
SHGetSpecialFolderPathW
SHGetFileInfoW
SHFileOperationA

gdi32

UpdateICMRegKeyA
DPtoLP
CreateFontIndirectW
SelectObject
SetDIBitsToDevice
SetBitmapDimensionEx
CreateSolidBrush
SetICMProfileW
RemoveFontResourceA
PaintRgn
GetOutlineTextMetricsW
UpdateColors

kernel32

CreatePipe
FreeEnvironmentStringsA
TlsAlloc
GetProcAddress
FlushViewOfFile
ReadConsoleInputA
GetExitCodeThread
CreateDirectoryW
LocalShrink
HeapFree
TerminateProcess
Sleep
ExpandEnvironmentStringsW
GetTickCount
SetLastError
HeapCreate
VirtualProtect
WriteConsoleOutputA
RtlUnwind
TlsFree
GetLastError
GetFileType
GetCurrentThreadId
GetEnvironmentStringsW
VirtualAlloc
TlsSetValue
GetSystemTimeAsFileTime
IsBadWritePtr
HeapDestroy
GetCommandLineW
LeaveCriticalSection
GetStartupInfoA
HeapValidate
HeapReAlloc
VirtualProtectEx
DeleteCriticalSection
MoveFileW
GetModuleFileNameW
GetStdHandle
GetEnvironmentStrings
TlsGetValue
ExitProcess
FileTimeToLocalFileTime
FreeEnvironmentStringsW
GlobalAlloc
GetCurrentThread
CloseHandle
GlobalFindAtomA
VirtualQuery
MultiByteToWideChar
GetStartupInfoW
QueryPerformanceCounter
GetCommandLineA
InterlockedExchange
VirtualFree
LoadLibraryA
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleHandleA
EnumResourceLanguagesW
EnterCriticalSection
SetHandleCount
WriteFile
GetCurrentProcess
GetShortPathNameA
SetConsoleCursorInfo
InitializeCriticalSection
GetCurrentProcessId
lstrcatW
HeapAlloc
GetVersion
FindNextChangeNotification
GetFileAttributesExA

wininet

InternetGetCertByURL
SetUrlCacheEntryInfoA

user32

InsertMenuW
RegisterWindowMessageA
GetFocus
GetTabbedTextExtentA
SetMenuItemInfoA
CheckRadioButton
ModifyMenuW

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe557c659bf4d51b3b3aee559534c858

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

kernel32

wininet

user32

Sections

.text Size: 86KB - Virtual size: 86KB

.rdata Size: 4KB - Virtual size: 14KB

.data Size: 133KB - Virtual size: 133KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 86KB - Virtual size: 86KB

.rdata
Size: 4KB - Virtual size: 14KB

.data
Size: 133KB - Virtual size: 133KB

.rsrc
Size: 10KB - Virtual size: 9KB