2aa23ab7cff8ce3c57f51a7b0f8c6d04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2aa23ab7cff8ce3c57f51a7b0f8c6d04_JaffaCakes118
Size

572KB
MD5

2aa23ab7cff8ce3c57f51a7b0f8c6d04
SHA1

e82b9e78e29ce58c7ed2b8a487b73aed9867e4fc
SHA256

9ed7707ba0682612e1693d7781efe9047f384c934de409c06f3d9a0169e0dac1
SHA512

12cd6fde159e54d81a69786d7bec2eed6776ef2df15336ad0e0cb578c2b368517973cb70960477cf515d67d24d7d25bb440c49b8978862e0c35472c831ece7b7
SSDEEP

12288:7P+44VUSjup+5Cd82AnUTgXcJLO4CC7pvBvnMRMVZC:72NUE2+5CyZnUpX7pV3ZC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aa23ab7cff8ce3c57f51a7b0f8c6d04_JaffaCakes118

Files

2aa23ab7cff8ce3c57f51a7b0f8c6d04_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0636f74b2303c80c7e0eec4d2c1879f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\groytsqgf\fybiboqml\kctky\qey\emgzr\qvtjopo.PDB

Imports

wininet

InternetTimeToSystemTime

user32

GetClipboardViewer
MessageBoxA
CharLowerA
GetClipboardSequenceNumber
SetMenuItemInfoA
DdeQueryNextServer
GetCaretPos
SwapMouseButton
EnumClipboardFormats
DestroyWindow
MessageBoxW
GetScrollPos
DdeNameService
RegisterClassExA
OpenInputDesktop
GetUserObjectInformationW
DlgDirSelectComboBoxExW
IsWindowUnicode
DdeReconnect
UnhookWinEvent
GetClipboardOwner
DestroyAcceleratorTable
MessageBeep
ScreenToClient
AnyPopup
ShowWindow
GetShellWindow
SetProcessDefaultLayout
EnumDesktopsA
SendMessageTimeoutW
CreateWindowExA
RegisterClassA
OpenDesktopA
DefWindowProcW
RegisterDeviceNotificationA
FindWindowExA
SetDeskWallpaper
GetIconInfo
SetDlgItemInt
DdeQueryConvInfo
OpenWindowStationW

kernel32

FlushFileBuffers
GetCurrentThread
LeaveCriticalSection
GetModuleFileNameA
WriteConsoleW
VirtualProtectEx
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStartupInfoA
WriteConsoleA
GetLastError
VirtualFree
EnumResourceTypesW
CreateFileA
GetOEMCP
DeleteCriticalSection
HeapAlloc
GetLongPathNameA
InterlockedDecrement
CompareStringA
GetEnvironmentVariableW
GlobalFree
TlsAlloc
GetStringTypeA
DeleteFileW
CloseHandle
OpenMutexA
TlsFree
EnumSystemLocalesA
LocalReAlloc
FreeEnvironmentStringsW
GetACP
GetConsoleMode
GetEnvironmentStringsW
LoadLibraryA
ExitProcess
VirtualAlloc
ReadConsoleW
FreeEnvironmentStringsA
GetDateFormatA
InterlockedExchange
IsDebuggerPresent
CreateMutexA
TlsGetValue
GetLogicalDriveStringsA
EnterCriticalSection
GetCurrentProcess
GetStringTypeW
VirtualAllocEx
GetVersionExA
HeapSize
GetTimeFormatA
LCMapStringA
GetCurrentThreadId
ReadFile
UnhandledExceptionFilter
SetFilePointer
FindClose
HeapDestroy
SetEnvironmentVariableA
GetConsoleOutputCP
IsValidLocale
FindAtomW
QueryPerformanceCounter
LCMapStringW
lstrlen
WaitForSingleObject
GetTickCount
HeapFree
HeapCreate
GetEnvironmentStrings
LoadResource
IsValidCodePage
FoldStringW
WriteFile
TerminateProcess
GetCommandLineW
VirtualQuery
CompareStringW
GetTimeZoneInformation
GetCurrentDirectoryA
WaitForSingleObjectEx
SetHandleCount
SetLastError
GetEnvironmentStringsA
GetConsoleCP
ExitThread
GetProcessHeap
SetStdHandle
GetThreadPriorityBoost
GetFileType
ReadConsoleOutputA
GetModuleHandleA
GlobalAlloc
GetUserDefaultLCID
FreeLibrary
SetConsoleCtrlHandler
MultiByteToWideChar
RtlUnwind
InitializeCriticalSection
Sleep
FindFirstFileExA
WideCharToMultiByte
InterlockedIncrement
GetCommandLineA
SetConsoleCursorInfo
GetLocaleInfoW
GetCPInfo
HeapReAlloc
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsSetValue
EnumResourceNamesW

comctl32

ImageList_DragEnter
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetFilter
CreatePropertySheetPageW
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0636f74b2303c80c7e0eec4d2c1879f

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

kernel32

comctl32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 248KB - Virtual size: 246KB

.data Size: 120KB - Virtual size: 126KB

.rsrc Size: 28KB - Virtual size: 27KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 248KB - Virtual size: 246KB

.data
Size: 120KB - Virtual size: 126KB

.rsrc
Size: 28KB - Virtual size: 27KB