2569eee948f54211d2794b0f28e4f2ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2569eee948f54211d2794b0f28e4f2ba_JaffaCakes118
Size

1.9MB
MD5

2569eee948f54211d2794b0f28e4f2ba
SHA1

65f6c63379ea7e32785a1254c3d5e5d290c29236
SHA256

ba6a73fc87a02244f4d2073ba65c7a4b61d7edb4953f527de5a9287b86733e50
SHA512

08382f522bb41d743137c07e624d1487fbe3c02d467bd02883933f73ba639263e4eb61a9d66fdd4cc972f0bb7d94fac74453da4d4138fa96aaaab7a9d140f89b
SSDEEP

49152:5kIMk8JK54veGJy9okA+GMmtargdCqMUikY:2IMk8JK5weALxV9tsgoqlL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2569eee948f54211d2794b0f28e4f2ba_JaffaCakes118

Files

2569eee948f54211d2794b0f28e4f2ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb8e3fafe109c1484818ea8de7e385ab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\onad\odeb\eeoaz\sptsdsvwo.pdb

Imports

kernel32

VirtualQuery
CompareStringW
GetModuleFileNameA
GetStartupInfoA
TlsGetValue
OpenMutexA
InterlockedDecrement
CompareStringA
DeleteCriticalSection
UnhandledExceptionFilter
GetCurrentProcess
CreateMutexA
LCMapStringA
GetExitCodeProcess
CloseHandle
GetVersion
InitializeCriticalSection
WriteFile
GetLocalTime
SetEnvironmentVariableA
GetEnvironmentStrings
HeapCreate
LCMapStringW
QueryPerformanceCounter
SetHandleCount
GetModuleHandleA
GetTimeZoneInformation
GetCommandLineA
SetStdHandle
FreeEnvironmentStringsW
GetTickCount
InterlockedIncrement
FreeEnvironmentStringsA
HeapReAlloc
IsBadWritePtr
GetStdHandle
ReadFile
TlsAlloc
TerminateProcess
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetLastError
LoadLibraryA
MultiByteToWideChar
SetLastError
FlushFileBuffers
GetProcAddress
GetSystemTime
GetACP
HeapAlloc
TlsFree
GetCurrentThreadId
GetEnvironmentStringsW
SetFilePointer
GetStringTypeW
GetFileType
HeapDestroy
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentProcessId
VirtualAlloc
InterlockedExchange
TlsSetValue
FindFirstFileA
WideCharToMultiByte
GetStringTypeA
HeapFree
GetOEMCP
VirtualFree
ExitProcess

gdi32

GetTextFaceW
SetBitmapDimensionEx

advapi32

RegCreateKeyExW
LookupPrivilegeNameA
RegQueryValueA
CryptCreateHash
RevertToSelf
CryptGetUserKey
DuplicateToken

shell32

DragQueryFileW
SHGetDataFromIDListA
FindExecutableW
ShellExecuteA
SHInvokePrinterCommandW

user32

VkKeyScanW
MapDialogRect
MessageBoxW
RegisterClassA
DefWindowProcW
CreateDesktopW
SetParent
DdeCreateStringHandleW
DestroyWindow
WINNLSGetIMEHotkey
CreateWindowExA
GetKeyboardLayoutList
EnumWindows
RegisterClassExA
RegisterClassW
ShowWindow
SetDoubleClickTime

comctl32

ImageList_LoadImageW
DrawInsert
ImageList_SetOverlayImage
ImageList_SetFlags
InitCommonControlsEx
ImageList_AddIcon
ImageList_DragMove
ImageList_GetDragImage
ImageList_Destroy
ImageList_BeginDrag
ImageList_SetIconSize
ImageList_SetFilter
ImageList_EndDrag
ImageList_DrawEx
ImageList_Write
_TrackMouseEvent
ImageList_DrawIndirect
ImageList_SetDragCursorImage
ImageList_Duplicate
ImageList_GetImageRect
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_LoadImageA

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb8e3fafe109c1484818ea8de7e385ab

Headers

File Characteristics

PDB Paths

Imports

kernel32

gdi32

advapi32

shell32

user32

comctl32

Sections

.text Size: 305KB - Virtual size: 305KB

.rdata Size: 57KB - Virtual size: 87KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 22KB - Virtual size: 21KB

.text
Size: 305KB - Virtual size: 305KB

.rdata
Size: 57KB - Virtual size: 87KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 22KB - Virtual size: 21KB