Static task
static1
Behavioral task
behavioral1
Sample
20ec151b958ca8ab089787d5320c8f18_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
20ec151b958ca8ab089787d5320c8f18_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
20ec151b958ca8ab089787d5320c8f18_JaffaCakes118
Size
403KB
MD5
20ec151b958ca8ab089787d5320c8f18
SHA1
ab47c1b10f28b1fff16b5e7b03f1dc458b9438ef
SHA256
9502ae2c50c0d44160fbca22edfdfb2a8738a2cad37e6df128554bd705c9340e
SHA512
ac334950ec7a5c579d8c0d7e368fd9a2ff3b1b192a4f885d4a44cf4605ad3cf3527da5218eaf8e24892b3bcd40481f21da2eda851577db7eebb03f0e61b87468
SSDEEP
6144:xtcwP7wAAzqXJhEtKkj2ywRFGOBqld5+JAddbreoxhy86Uh0/rkTbIP2F:pDmuJhEskj2qD502Bhx0dL/IsY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 20ec151b958ca8ab089787d5320c8f18_JaffaCakes118
Files
20ec151b958ca8ab089787d5320c8f18_JaffaCakes118.exe windows:4 windows x86 arch:x86
34fe84ad50acfc0a28d728af989d3dd6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winspool.drv
ClosePrinter
DocumentPropertiesA
OpenPrinterA
shlwapi
PathIsDirectoryW
PathIsRelativeW
PathRemoveBackslashW
PathCombineW
PathRenameExtensionW
PathAddBackslashW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW
winmm
timeGetTime
kernel32
DeleteCriticalSection
GetLastError
GetCurrentThreadId
GetVersionExW
EnterCriticalSection
CopyFileW
GetTickCount
FreeLibrary
GetModuleFileNameW
_llseek
GetVersionExA
ExitProcess
GetProcessIoCounters
InitializeCriticalSection
GlobalUnlock
GetThreadLocale
GetFullPathNameW
SetThreadAffinityMask
GetModuleFileNameA
GetCurrentProcessId
OutputDebugStringW
GetSystemTimeAsFileTime
TerminateProcess
GetLocaleInfoA
FindFirstFileW
CreateFileW
CloseHandle
lstrlenA
LocalAlloc
GetTempFileNameW
SetFileAttributesW
RemoveDirectoryW
LocalFree
GlobalAlloc
FindNextFileW
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
InterlockedIncrement
ReadFile
Sleep
GlobalLock
LoadLibraryW
DisableThreadLibraryCalls
GetProcAddress
QueryPerformanceCounter
InterlockedExchange
CreateDirectoryW
FindClose
DeleteFileW
GetTempPathW
LeaveCriticalSection
GetACP
GetFileAttributesExW
ole32
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
StringFromGUID2
CoCreateInstance
user32
UpdateWindow
OpenClipboard
GetFocus
EmptyClipboard
GetClipboardData
SetWindowPos
SetCursor
TrackPopupMenuEx
EnableWindow
ClipCursor
OffsetRect
GetParent
SetRectEmpty
EnumWindowStationsW
GetWindowRect
DestroyMenu
GetDesktopWindow
UnionRect
IsWindow
ClientToScreen
CloseClipboard
GetKeyState
SetCapture
SetRect
SetParent
TranslateMessage
ReleaseDC
InvalidateRect
CopyRect
CreatePopupMenu
IntersectRect
EqualRect
FillRect
IsRectEmpty
wsprintfW
SetClipboardData
RedrawWindow
GetDC
SendMessageW
LoadCursorW
GetClientRect
PtInRect
ReleaseCapture
ScreenToClient
Sections
.text Size: 292KB - Virtual size: 291KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bomex Size: 4KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ