2999d920e2c5d50c1461998ced10dbd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2999d920e2c5d50c1461998ced10dbd1_JaffaCakes118
Size

420KB
MD5

2999d920e2c5d50c1461998ced10dbd1
SHA1

209401f474c2e5a79707b7b1a8cf2af03b322fcd
SHA256

8e8e3390bf531577339d50f96190555be08081a10a7f733d7e7f5fe99c488a79
SHA512

d89a130388e4c2059c81adb5007e2f3b0367cd6079037cd1fa23dd6c5fce9d34ac3d658be95cf00c99ffa2d502b9671b399cc5e395ef6726c41a1d195c1dbc9f
SSDEEP

6144:KGbGWl9wXip/yEm+H+YbTIxFlml1UqWYEBWhNTH79OvH3:KGqWl9milxXbTIpml1UrYEEXTH79OP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2999d920e2c5d50c1461998ced10dbd1_JaffaCakes118

Files

2999d920e2c5d50c1461998ced10dbd1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ef342b5c84281be546bec04838d6b3bf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\ese\aexs\etzseau\sefrxsrm\sdecbolyes.PDB

Imports

wininet

DeleteUrlCacheEntryA
InternetSecurityProtocolToStringA
FindFirstUrlCacheEntryExW
InternetCheckConnectionA
RegisterUrlCacheNotification
InternetAutodialHangup
GetUrlCacheConfigInfoW

user32

DrawTextExA
RegisterClassA
ChangeDisplaySettingsA
PostQuitMessage
UnregisterDeviceNotification
EndDialog
IsRectEmpty
DispatchMessageW
ToAsciiEx
CallNextHookEx
ScreenToClient
TranslateMessage
GetTitleBarInfo
GetMessageTime
CascadeChildWindows
FillRect
RegisterClassExA
EnumDisplaySettingsExA
CreateCursor
GetClipboardData
SendNotifyMessageW
SetCaretPos

kernel32

EnumCalendarInfoW
LocalShrink
WriteConsoleA
TlsSetValue
OutputDebugStringA
FileTimeToLocalFileTime
GetVersionExA
SetConsoleCtrlHandler
FindResourceExW
OpenProcess
GetCurrentThreadId
LocalLock
WriteConsoleOutputCharacterA
SetStdHandle
lstrlen
GetStringTypeA
WaitForSingleObject
DuplicateHandle
GetLocaleInfoW
IsDebuggerPresent
GetStdHandle
MultiByteToWideChar
TerminateProcess
ExitProcess
VirtualQuery
UnhandledExceptionFilter
HeapSize
EnumSystemLocalesA
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleOutputCP
UnlockFile
FreeEnvironmentStringsA
WideCharToMultiByte
GetStartupInfoW
SetHandleCount
GlobalLock
GetProcessHeap
WaitForMultipleObjectsEx
GetStringTypeW
GetEnvironmentStrings
GetPriorityClass
CompareStringW
GetModuleHandleA
RtlUnwind
LoadLibraryA
InterlockedDecrement
LocalAlloc
GetCPInfo
GetCurrentProcess
SetEnvironmentVariableA
CreateMutexW
LCMapStringW
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeCriticalSection
OpenMutexA
DosDateTimeToFileTime
GetModuleFileNameA
RtlZeroMemory
GetLongPathNameA
VirtualAlloc
CompareStringA
GetTimeZoneInformation
GetPrivateProfileStructA
GetUserDefaultLCID
SetEvent
SetLastError
LeaveCriticalSection
FlushFileBuffers
EnumResourceNamesW
GlobalGetAtomNameW
GetConsoleMode
GetTickCount
CloseHandle
HeapAlloc
GetEnvironmentVariableW
TlsFree
GetCommandLineW
GetDateFormatA
FreeEnvironmentStringsW
DeleteCriticalSection
ReadFile
GetProcAddress
HeapFree
HeapCreate
WriteConsoleW
CommConfigDialogA
FindNextChangeNotification
GetExitCodeThread
AddAtomA
GetCurrentThread
EnterCriticalSection
GetConsoleCP
VirtualFree
GetCurrentProcessId
LoadResource
GetCommandLineA
FreeLibrary
GetPrivateProfileSectionA
InterlockedIncrement
GetTimeFormatA
EnumResourceLanguagesW
GetSystemDefaultLCID
HeapReAlloc
WriteFile
LCMapStringA
IsValidCodePage
TlsGetValue
GlobalGetAtomNameA
GetDiskFreeSpaceW
LocalCompact
GetEnvironmentStringsW
FindAtomW
GetLocaleInfoA
InterlockedExchange
CreateFileA
GetStartupInfoA
GetModuleFileNameW
SetFilePointer
IsValidLocale
Sleep
OpenFileMappingA
FindFirstFileExW
LoadModule
HeapDestroy
TlsAlloc
GetACP
CompareFileTime
WaitNamedPipeA
GetFileType
GetLastError
GetVolumeInformationA
GetModuleHandleW
CreateMutexA
GetOEMCP

gdi32

CreateBrushIndirect
ResetDCW
DeleteDC
SelectObject
SetTextAlign
GetPixel
CreateDCA
DescribePixelFormat
GetCharacterPlacementW
GetTextExtentPoint32A
GetCharABCWidthsFloatW
GetDeviceCaps
OffsetViewportOrgEx
OffsetRgn
GetFontLanguageInfo
SetTextJustification
GetEnhMetaFileA
DeleteObject
GetObjectW

advapi32

CryptVerifySignatureA
RegRestoreKeyA
RegNotifyChangeKeyValue
RegEnumKeyExW
AbortSystemShutdownW
CryptGetDefaultProviderW
RegEnumValueA
CryptEnumProviderTypesA
LookupSecurityDescriptorPartsA
CryptSetProviderExW
CryptHashSessionKey
RegQueryMultipleValuesA
LookupSecurityDescriptorPartsW
LookupPrivilegeValueW
CryptDuplicateHash
RevertToSelf
RegCreateKeyExW
CryptEnumProvidersA
CryptVerifySignatureW
CryptGenRandom
CryptGetProvParam

comctl32

ImageList_Merge
ImageList_Draw
CreatePropertySheetPage
ImageList_LoadImageW
CreatePropertySheetPageW
ImageList_Replace
InitCommonControlsEx
DrawStatusText

shell32

SHFileOperationA

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef342b5c84281be546bec04838d6b3bf

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

kernel32

gdi32

advapi32

comctl32

shell32

Sections

.text Size: 180KB - Virtual size: 179KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 96KB - Virtual size: 101KB

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 180KB - Virtual size: 179KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 96KB - Virtual size: 101KB

.rsrc
Size: 60KB - Virtual size: 59KB