Static task: static1
Behavioral task: behavioral1
Sample: 2153d901372b228a88af51b45b719696_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 2153d901372b228a88af51b45b719696_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 2153d901372b228a88af51b45b719696_JaffaCakes118
Size: 268KB
MD5: 2153d901372b228a88af51b45b719696
SHA1: b5d2b3a31b0c3e29d7a9c4b416551a5dd0665db6
SHA256: ebaa203cd79f75b71f205beeeaa47c70c1775ccfd63a9a831f921fa405637f7b
SHA512: fbeaf82989123b845a05bd77a709c77a484a02f6d2419f8f932d041318d800fe36bd995511e927e5b821c77e423dd8b9dc201be331b82c9c5638415a2aee752e
SSDEEP: 6144:nbbTDv4nGWMl+z1gclGsmPk7yodY1HcGA5ZJ4tXdSZxP:vHv4nol+z9sqyoQcZ9YSZxP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2153d901372b228a88af51b45b719696_JaffaCakes118
Files
2153d901372b228a88af51b45b719696_JaffaCakes118.exe windows:4 windows x86 arch:x86
c523cb10ce7625cd0ee0569394ffb163
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegEnumKeyExA
LookupAccountSidW
RegRestoreKeyW
RegEnumValueW
CryptGetKeyParam
RegConnectRegistryW
LookupAccountSidA
RegQueryValueA
AbortSystemShutdownW
RegOpenKeyExA
CryptVerifySignatureW
CreateServiceW
gdi32
GetICMProfileW
GetCharWidthA
ArcTo
AnimatePalette
GetKerningPairs
shell32
SHFileOperation
ShellHookProc
SHBrowseForFolder
ExtractIconA
ShellExecuteExA
SHInvokePrinterCommandW
DoEnvironmentSubstA
FindExecutableW
RealShellExecuteExW
user32
SendMessageW
SetMenuItemBitmaps
GetWindowTextW
IsCharAlphaW
GetClassNameA
ExitWindowsEx
GetQueueStatus
kernel32
LCMapStringA
SetEnvironmentVariableA
SetHandleCount
QueryPerformanceCounter
GetDateFormatA
RtlUnwind
GetStartupInfoA
VirtualAlloc
GlobalReAlloc
EnumSystemLocalesA
GetCurrentThread
GetNumberFormatA
GetProcAddress
GetEnvironmentStrings
GetSystemInfo
GetLocaleInfoW
GetCPInfo
HeapReAlloc
FreeEnvironmentStringsA
GetStringTypeW
GetCommandLineA
InitializeCriticalSection
GetLocaleInfoA
ReadConsoleInputW
UnhandledExceptionFilter
InterlockedExchange
GetUserDefaultLCID
HeapAlloc
DebugBreak
LeaveCriticalSection
GetCurrentThreadId
GetTimeFormatA
HeapDestroy
MultiByteToWideChar
GetStdHandle
VirtualProtect
TerminateProcess
WriteFile
GetOEMCP
GetFileType
HeapCreate
WideCharToMultiByte
DeleteCriticalSection
TlsGetValue
FreeEnvironmentStringsW
HeapFree
GetStringTypeA
GetSystemTimeAsFileTime
LoadLibraryA
TlsSetValue
IsBadWritePtr
SetLastError
CompareStringW
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
LCMapStringW
GetCurrentProcessId
GetModuleHandleA
GetTickCount
TlsAlloc
VirtualFree
GetCurrentProcess
GetModuleFileNameA
GetLastError
CompareStringA
VirtualQuery
GetACP
TlsFree
GetTimeZoneInformation
HeapSize
ExitProcess
GetVersionExA
EnterCriticalSection
wininet
InternetHangUp
InternetGoOnlineA
InternetInitializeAutoProxyDll
RetrieveUrlCacheEntryStreamW
GopherGetAttributeA
GopherCreateLocatorA
FindNextUrlCacheContainerA
InternetTimeToSystemTime
InternetTimeFromSystemTimeA
HttpOpenRequestW
CommitUrlCacheEntryA
InternetSetDialStateA
InternetGetCertByURLA
FtpPutFileA
InternetConfirmZoneCrossing
InternetTimeToSystemTimeW
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 135KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ