2e41b10bb9bfc9f4eb273773954d7d86_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e41b10bb9bfc9f4eb273773954d7d86_JaffaCakes118
Size

5.7MB
MD5

2e41b10bb9bfc9f4eb273773954d7d86
SHA1

62a665c152c7dc63bc143814a6015f1c6d27082b
SHA256

904fd103a3ff329411692d22038645b647c0917aac350ae5b392332b223d4d4d
SHA512

560e7031dc68b4915f52d8b813a30bace22edcd3a85b988182408852fb2653d0f371b5fca06dc55fb7083a339f873f6c02e8f43b57d06c34ba77d6d7e6f280cc
SSDEEP

98304:MGNS87jRvjHuYh23KNoYhcFWbOTqr0brgLH4XvB83/UkfxmkHxtfOTAeH1P76z4/:MGE8pvaYXf7gJrEI83xHxtjexcHBbDzw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e41b10bb9bfc9f4eb273773954d7d86_JaffaCakes118

Files

2e41b10bb9bfc9f4eb273773954d7d86_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextCharacterExtra
GetEnhMetaFileDescriptionA

advapi32

IsValidAcl
CryptAcquireContextA
RegUnLoadKeyA
MapGenericMask
GetUserNameW
RegQueryValueW
RegSetValueA
OpenServiceA
CreateProcessAsUserA
OpenThreadToken
BuildTrusteeWithNameW
LookupPrivilegeDisplayNameA

shell32

DragFinish
FindExecutableA

kernel32

FlushFileBuffers
SuspendThread
GetSystemDefaultLangID
ExitProcess
IsProcessorFeaturePresent
EnumSystemCodePagesW
FindFirstFileExW
PulseEvent
WritePrivateProfileSectionW
GlobalFlags
SetHandleCount
FormatMessageA
VirtualLock
LocalFileTimeToFileTime
GenerateConsoleCtrlEvent
lstrcmpiA
WriteConsoleOutputW
SetVolumeLabelA

oleaut32

LoadTypeLibEx
SafeArrayCreate

user32

SetClipboardData
SetActiveWindow
GetWindowLongW
MapVirtualKeyA
SetScrollPos
OpenIcon
SetCursorPos
CharPrevA
RegisterClassExA
SystemParametersInfoA
GetCursorPos
GetClipboardFormatNameA
GetClipCursor
GetMessageW
EnumWindows
SetForegroundWindow
DefMDIChildProcW
BroadcastSystemMessageA
RegisterClassExW
DeleteMenu
CountClipboardFormats
SendMessageTimeoutW
SystemParametersInfoW
ValidateRect

ws2_32

WSAResetEvent
WSANtohs
accept
WSAIsBlocking
WSASetBlockingHook
recv
closesocket

comdlg32

ReplaceTextW
GetOpenFileNameA

msvcrt

signal
strncat
_strlwr
iswalpha
fputc
floor
getenv

Sections

.text
Size: 2KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

Imports

gdi32

advapi32

shell32

kernel32

oleaut32

user32

ws2_32

comdlg32

msvcrt

Sections

.text Size: 2KB - Virtual size: 223KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 223KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 17KB - Virtual size: 16KB