2e469922e10df66e7d394204eb3c4e16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e469922e10df66e7d394204eb3c4e16_JaffaCakes118
Size

515KB
MD5

2e469922e10df66e7d394204eb3c4e16
SHA1

500c44d4e10004ce60697464165b62fb98f9dab2
SHA256

1c01a92d1c797b30c3e82a392fa6c2c4b0dba817290e859316504e682e8b19ab
SHA512

3c97d383b9ccc7aa7dba1251f255233c9ee7cbde5e1c5952af87cd93eaa1043d8114b3f7d358e3653104aaa261979d7574600d581264efd8d8841aff39ac91ce
SSDEEP

12288:XMVE1ZyAxUuuo0htDR7aH9TuyeY1ywQMoEyJ6uTQJSH/cquXqpeo:XMVoyIUuuoIZROlj1ywQJsVSfTqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e469922e10df66e7d394204eb3c4e16_JaffaCakes118

Files

2e469922e10df66e7d394204eb3c4e16_JaffaCakes118
.exe windows:4 windows x86 arch:x86

897f952f28d00c80d3949a6f969efe26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ajjotmy\nacxstj\twm

Imports

wininet

GetUrlCacheConfigInfoA
InternetGetLastResponseInfoW
InternetOpenUrlW
ShowCertificate

comctl32

InitCommonControlsEx

kernel32

GetLocaleInfoW
VirtualFree
CreateMutexA
GetCurrentThread
IsValidCodePage
Sleep
GetFileType
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
InitializeCriticalSection
TlsSetValue
SetConsoleCtrlHandler
GetTimeZoneInformation
GetOEMCP
SetFileAttributesA
SetEnvironmentVariableA
SetHandleCount
GetLastError
GetConsoleMode
LCMapStringW
GetDateFormatA
HeapReAlloc
VirtualQuery
LCMapStringA
GetStdHandle
EnumSystemLocalesA
HeapDestroy
LoadLibraryA
CloseHandle
IsValidLocale
TlsAlloc
HeapCreate
GetProcAddress
GetProcessHeap
GetModuleHandleA
SetStdHandle
GetCurrentThreadId
GetCommandLineA
InterlockedExchange
WriteConsoleA
WritePrivateProfileStringA
HeapAlloc
GetCurrentProcess
GetVersionExA
CompareStringA
GetLocaleInfoA
GetLogicalDriveStringsA
GetStringTypeW
InterlockedIncrement
HeapSize
GetStartupInfoA
FindResourceExA
LeaveCriticalSection
IsDebuggerPresent
GetSystemTimeAsFileTime
DeleteCriticalSection
RtlUnwind
GetEnvironmentStrings
GetACP
ReadFile
GetTimeFormatA
EnterCriticalSection
TlsGetValue
WideCharToMultiByte
CreateFileA
FreeEnvironmentStringsW
TerminateProcess
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetCPInfo
HeapFree
InterlockedDecrement
GetConsoleCP
OpenMutexA
GetTickCount
FreeLibrary
SetLastError
WriteFile
WriteConsoleW
MultiByteToWideChar
GetUserDefaultLCID
GetComputerNameW
CompareStringW
GetStringTypeA
UnhandledExceptionFilter
TlsFree
WaitNamedPipeW
GetConsoleOutputCP
GetSystemDirectoryA
VirtualAlloc
SetFilePointer
RemoveDirectoryA
LocalAlloc
GetCurrentProcessId
ExitProcess
GetModuleFileNameA

user32

RegisterClipboardFormatA
SendMessageW
MessageBoxW
GetNextDlgGroupItem
ValidateRect
GetSysColor
CreateWindowExW
GetWindowPlacement
CreateAcceleratorTableW
UnhookWindowsHook
ShowWindow
CascadeWindows
RegisterClassExA
RegisterClassA
DrawFocusRect
ScrollWindowEx
AnimateWindow
GetAltTabInfo

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

897f952f28d00c80d3949a6f969efe26

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

kernel32

user32

Sections

.text Size: 342KB - Virtual size: 342KB

.rdata Size: 35KB - Virtual size: 63KB

.data Size: 116KB - Virtual size: 116KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 342KB - Virtual size: 342KB

.rdata
Size: 35KB - Virtual size: 63KB

.data
Size: 116KB - Virtual size: 116KB

.rsrc
Size: 19KB - Virtual size: 19KB