265d9f6f99506079c3cf917607b4f5ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

265d9f6f99506079c3cf917607b4f5ac_JaffaCakes118
Size

192KB
MD5

265d9f6f99506079c3cf917607b4f5ac
SHA1

05ac3f1b239142aa1ca03976b8d4374025fd1cbe
SHA256

40e3ba47ff99ceed8a597209a31f4ccb60868958214d57e6de92a9b07598312e
SHA512

6726012678a1eb03e081dbfd866989d418754316952ff497187d2ece1df123df3b512dc9b3acfe454f67aa24b4e12758ff7d4410fb19ed8b5935eae07e77a031
SSDEEP

3072:yxldAuqwCfWQI4HpHZqAvqQDoiBOm9laWa/tYfT1/WGPW4xSxiMZXLG8XqEpI9S1:ypsHxZqBfip9laWqOW3WWXCyqj9exkvO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
265d9f6f99506079c3cf917607b4f5ac_JaffaCakes118

Files

265d9f6f99506079c3cf917607b4f5ac_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6f407c09da6e324f00a82c02a90b2dbf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
OpenMutexA
GetCommandLineW
GetAtomNameW
GetCurrentThreadId
GetHandleInformation
SetCalendarInfoA
DosDateTimeToFileTime
CopyFileExW
GetModuleHandleW
SetCalendarInfoW
EnumDateFormatsA
SetLocaleInfoA
GetFileSize
SetUnhandledExceptionFilter
GlobalDeleteAtom
OpenProcess
GetDiskFreeSpaceW
OpenWaitableTimerA
CompareStringW
GetUserDefaultLCID
GetOEMCP
GetVolumeInformationW
WinExec
GetUserDefaultLangID
GetLogicalDriveStringsW
GetWindowsDirectoryA
ReplaceFileW
GetThreadPriority
GetStringTypeA
ExpandEnvironmentStringsW
Beep
GetStringTypeW
LoadResource
SetThreadPriority
GetProcAddress
GetFullPathNameW
GetModuleHandleA
ConnectNamedPipe
MulDiv
IsValidCodePage
CreateDirectoryW
CreateFileA
GetDateFormatW
lstrcmpW
GetExpandedNameW
GetCommandLineA

user32

SendDlgItemMessageW
GetAsyncKeyState
DestroyWindow
GetDC
EnumWindows
GetDC
SetCursor
SetDlgItemTextA
AppendMenuA
CharNextW
SetTimer
IsWindow

gdi32

GetTextExtentPointA
ColorCorrectPalette
RectVisible
ResetDCW
EnumFontsW
GetCharWidth32A
GetOutlineTextMetricsW
FixBrushOrgEx
SetPixelFormat
CreateDIBPatternBrushPt
EnumICMProfilesA

advapi32

RegOpenKeyW
RegFlushKey
RegCreateKeyW
RegEnumValueA
RegRestoreKeyW
RegOpenKeyA
RegDeleteValueA

shell32

StrStrA
StrRChrIW
ExtractIconExW
SHGetFolderPathW

ole32

CoFileTimeNow
CoGetDefaultContext
CoGetInstanceFromFile

setupapi

SetupLogFileA

wininet

InternetGetConnectedStateExA
InternetCreateUrlW
GetUrlCacheConfigInfoA
UnlockUrlCacheEntryFile
InternetShowSecurityInfoByURL
ReadUrlCacheEntryStream
InternetOpenW
InternetFindNextFileA
IsUrlCacheEntryExpiredA
FtpDeleteFileA
InternetAttemptConnect
DetectAutoProxyUrl
FindNextUrlCacheContainerW
ForceNexusLookupExW
GopherGetAttributeW
FreeUrlCacheSpaceA
InternetWriteFileExW
InternetShowSecurityInfoByURLW

sqlunirl

_SetWindowText@8

crypt32

CertAddCTLLinkToStore
CertGetCertificateChain
CryptCloseAsyncHandle
CertOpenSystemStoreA
I_CryptInstallOssGlobal
CryptVerifyDetachedMessageSignature
CertVerifyCertificateChainPolicy
CryptMemRealloc
CryptSIPRetrieveSubjectGuidForCatalogFile

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TZeQV
Size: 1KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Bnl
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BAs
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rMBF
Size: 1KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.W
Size: 2KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xr
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JB
Size: 1024B - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bw
Size: 1024B - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f407c09da6e324f00a82c02a90b2dbf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

setupapi

wininet

sqlunirl

crypt32

Sections

.text Size: 11KB - Virtual size: 10KB

.TZeQV Size: 1KB - Virtual size: 48KB

.Bnl Size: 2KB - Virtual size: 26KB

.BAs Size: 3KB - Virtual size: 4KB

.rMBF Size: 1KB - Virtual size: 27KB

.W Size: 2KB - Virtual size: 37KB

.xr Size: 2KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 7KB

.JB Size: 1024B - Virtual size: 31KB

.bw Size: 1024B - Virtual size: 204KB

.rsrc Size: 164KB - Virtual size: 163KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 11KB - Virtual size: 10KB

.TZeQV
Size: 1KB - Virtual size: 48KB

.Bnl
Size: 2KB - Virtual size: 26KB

.BAs
Size: 3KB - Virtual size: 4KB

.rMBF
Size: 1KB - Virtual size: 27KB

.W
Size: 2KB - Virtual size: 37KB

.xr
Size: 2KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 7KB

.JB
Size: 1024B - Virtual size: 31KB

.bw
Size: 1024B - Virtual size: 204KB

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 1KB - Virtual size: 1KB