29bf65ab87c2b6278807a69e7e3df81a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29bf65ab87c2b6278807a69e7e3df81a_JaffaCakes118
Size

321KB
MD5

29bf65ab87c2b6278807a69e7e3df81a
SHA1

ebca9985b15e33c8cda14155df1592adfe553c51
SHA256

8938a9e196dec5d609f2c8a15acbdbb7b2cfc9edac6600f37766a9814896e76b
SHA512

73fa10850ac4e7c45221aae54f3fb82333a2773c6c07b5291da4ae1dcaf9109d63c388c17e1918fff5085bb07413838ef5cd6b07e8c7c201eedbbd5d25921371
SSDEEP

6144:tf47glGu0POKWxd4w3QKMjrEVMeH1f2KglVUwkMLXgtnG7LycCdu:t3UuwOPxdLcUVF1fGrXjgtcOcCd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29bf65ab87c2b6278807a69e7e3df81a_JaffaCakes118

Files

29bf65ab87c2b6278807a69e7e3df81a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

562e6adc13f943602259012ec36c5fa5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\sfbbtsm.pdb

Imports

shell32

SHChangeNotify
DragQueryFile
SHEmptyRecycleBinW
DragAcceptFiles
SHAddToRecentDocs

advapi32

RegSetKeySecurity
CryptEnumProviderTypesA
RegDeleteKeyW
CryptAcquireContextW
InitiateSystemShutdownW
RegConnectRegistryW
CryptContextAddRef
RegEnumValueA
RegSaveKeyA
DuplicateToken
RegEnumKeyExA
RegCreateKeyExW
ReportEventW
RegNotifyChangeKeyValue
CryptGetHashParam
CryptDestroyHash
CryptSetKeyParam
CryptEncrypt
RegEnumKeyExW
RegCloseKey
RegDeleteValueA
RegDeleteValueW
CryptExportKey
CryptSetProviderExA

user32

RegisterClassA
GetClipboardData
OffsetRect
GetClassNameA
FindWindowExA
GetMenu
OpenDesktopW
SetWindowTextA
HideCaret
DdeUnaccessData
GetMenuState
LoadIconA
CreateIcon
MonitorFromWindow
GetMenuStringA
RegisterClassExA
DlgDirListA
AdjustWindowRectEx
CreateCaret

comctl32

InitCommonControlsEx

kernel32

GetCurrentProcessId
GetTimeZoneInformation
GetSystemTime
QueryPerformanceCounter
DeleteCriticalSection
FillConsoleOutputAttribute
TlsSetValue
InterlockedExchange
GetModuleFileNameW
GetCPInfo
SetLastError
WriteFile
GetStringTypeW
SetEnvironmentVariableA
HeapFree
SetHandleCount
GetEnvironmentStringsW
LCMapStringA
TlsAlloc
UnhandledExceptionFilter
RtlUnwind
GetCurrentThread
GetModuleHandleA
GetProcAddress
CreateMutexA
FreeEnvironmentStringsA
GetStdHandle
OpenMutexA
GetEnvironmentStrings
ExitProcess
GetModuleFileNameA
HeapAlloc
CompareStringA
HeapCreate
GetStartupInfoW
TlsFree
FreeEnvironmentStringsW
TerminateProcess
CompareStringW
GetLastError
SetStdHandle
LocalFree
VirtualFree
ReadFile
GetStartupInfoA
GetSystemTimeAsFileTime
GetTickCount
WideCharToMultiByte
EnterCriticalSection
VirtualAlloc
FlushFileBuffers
HeapDestroy
GetLocalTime
GetCompressedFileSizeA
GetCommandLineA
CloseHandle
TlsGetValue
LoadLibraryA
IsBadWritePtr
VirtualQuery
InterlockedIncrement
LeaveCriticalSection
LCMapStringW
MultiByteToWideChar
GetCurrentThreadId
HeapReAlloc
GetCurrentProcess
InterlockedDecrement
GetFileType
GetStringTypeA
InitializeCriticalSection
GetCommandLineW
GetVersion
SetFilePointer

wininet

FtpRemoveDirectoryW
SetUrlCacheEntryInfoW
InternetGetCookieW
FindNextUrlCacheEntryExA
InternetQueryOptionA
InternetSetOptionExA
HttpEndRequestW
GetUrlCacheHeaderData

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

562e6adc13f943602259012ec36c5fa5

Headers

File Characteristics

PDB Paths

Imports

shell32

advapi32

user32

comctl32

kernel32

wininet

Sections

.text Size: 186KB - Virtual size: 185KB

.rdata Size: 27KB - Virtual size: 41KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 18KB - Virtual size: 18KB

.text
Size: 186KB - Virtual size: 185KB

.rdata
Size: 27KB - Virtual size: 41KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 18KB - Virtual size: 18KB