2e22aa040454481ee1db20b85103f511_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e22aa040454481ee1db20b85103f511_JaffaCakes118
Size

1.5MB
MD5

2e22aa040454481ee1db20b85103f511
SHA1

e2a94a3cf1c2530096a9d440ad8a31766721f386
SHA256

5b3f2d396d44d857a3e69a5cc637c09dd10e6df909e268e0c4a104c89c7ae11c
SHA512

df24e3d4e72c6c840ace700f32c812fa8e60664c23e6fa2328d3edbf625fd944b2f62b47c302bf5d2aab630f98a4309b17e3a9eeeba4d793c2a9ec181a35a8d4
SSDEEP

12288:XoDlpedHgpFMb8mxG00Rzso9HYGep3YXNKJoqS3wATH4AIWQ/BHqfIdFPDRX:hVgpioRRzxOjYDkd1DRX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e22aa040454481ee1db20b85103f511_JaffaCakes118

Files

2e22aa040454481ee1db20b85103f511_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c2e231f63a627a377d4c7c56089e97c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bld\nview\main\nView\bin\URelease\nwiz.pdb

Imports

kernel32

SetConsoleCtrlHandler
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetStdHandle
LoadLibraryA
GetOEMCP
GetACP
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetCPInfo
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
GetStdHandle
WriteFile
TerminateProcess
ExitProcess
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
VirtualQuery
InterlockedExchange
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
DeleteCriticalSection
GetVersionExA
FlushFileBuffers
GetLocaleInfoW
ReadFile
CompareStringA
CompareStringW
GetCommandLineW
GetVersionExW
WaitForSingleObject
ReleaseMutex
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindFirstFileW
FindClose
SetFileAttributesW
MoveFileExW
GetWindowsDirectoryW
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CreateFileW
CreateProcessW
GetExitCodeProcess
CloseHandle
GetCurrentThread
LocalAlloc
LocalFree
WideCharToMultiByte
GetCurrentProcess
lstrcmpiW
GetUserDefaultLCID
lstrcpynW
lstrcatW
Sleep
lstrlenW
CreateMutexW
GetLastError
lstrcmpW
OutputDebugStringW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
FreeLibrary
GetUserDefaultLangID
lstrcpyW
LoadLibraryW
GetSystemDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
GetModuleHandleA
SetEnvironmentVariableA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

user32

FindWindowExW
IsWindowVisible
PostQuitMessage
PtInRect
MessageBoxW
SystemParametersInfoW
ReleaseDC
SendDlgItemMessageW
wvsprintfW
wsprintfA
ExitWindowsEx
GetClassNameW
MapWindowPoints
MapDialogRect
InvalidateRect
CallWindowProcW
LoadImageW
IsWindowEnabled
SetFocus
DestroyWindow
KillTimer
SetWindowTextW
GetClientRect
GetWindowRect
ScreenToClient
CheckDlgButton
MoveWindow
IsDlgButtonChecked
CheckRadioButton
EnableWindow
LoadStringW
SetWindowLongW
DialogBoxParamW
SetDlgItemTextW
EndDialog
SetTimer
GetDlgItem
IsWindow
GetDC
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
DefWindowProcW
BeginPaint
EndPaint
GetParent
FindWindowW
SendMessageW
PostMessageW
EnumDisplaySettingsW
GetSystemMetrics
ChangeDisplaySettingsW
wsprintfW
GetWindowLongW

gdi32

CreateFontW
GetDeviceCaps
GetObjectW
CreateBrushIndirect
PatBlt
GetPixel
CreateCompatibleDC
CreateBitmap
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
BitBlt
SetBkColor
GetStockObject
CreateFontIndirectW
SelectObject
SetTextColor
GetTextExtentPoint32W
TextOutW
DeleteObject
CreateDCW
DeleteDC
SetBkMode

comctl32

PropertySheetW
CreatePropertySheetPageW

advapi32

RegDeleteValueW
RegFlushKey
RegEnumKeyExW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteKeyW
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 232KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zrdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6c2e231f63a627a377d4c7c56089e97c

Headers

File Characteristics

PDB Paths

Imports

kernel32

version

user32

gdi32

comctl32

advapi32

shell32

Sections

.text Size: 232KB - Virtual size: 230KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 12KB - Virtual size: 48KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.zrdata Size: 60KB - Virtual size: 60KB

.text
Size: 232KB - Virtual size: 230KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 12KB - Virtual size: 48KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.zrdata
Size: 60KB - Virtual size: 60KB