2ac6c5fbdd0de1eacaa5a5c8c0fa8629_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ac6c5fbdd0de1eacaa5a5c8c0fa8629_JaffaCakes118
Size

724KB
MD5

2ac6c5fbdd0de1eacaa5a5c8c0fa8629
SHA1

f85284cb7d22d6c0c7162200a003a9cb52c5d299
SHA256

9ac16b7f91aa6a8ad926e1b91ade3384aab2b3e88eb8323a7384fc7a69a54302
SHA512

90dd50f53dfc72f7f79fbb7809eaacf666533f413ac24a7777bdbb844dd87605307643c7205ef82854ff6b2ee1471df8e5ddd4ab298d79a724d8fbf8b7310227
SSDEEP

12288:1Qw2IS3dhOpMx/8jkzpF3E2S8juyGDUr3jaQRxbY:1lS3dVxZXWyEUrza6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ac6c5fbdd0de1eacaa5a5c8c0fa8629_JaffaCakes118

Files

2ac6c5fbdd0de1eacaa5a5c8c0fa8629_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80e98ccd5421f483ae30eebb76cc6ef2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ivz\hrvzut\exu.pdb

Imports

comctl32

ImageList_SetDragCursorImage
ImageList_BeginDrag
InitCommonControlsEx

wininet

HttpOpenRequestA
GopherOpenFileW
GopherGetAttributeW

user32

CreateDialogParamW
TabbedTextOutA
LookupIconIdFromDirectory
EnumPropsExW
GetWindowLongW
ChangeDisplaySettingsExA
AppendMenuW
RegisterClassExA
MonitorFromRect
IsWindowUnicode
FreeDDElParam
ChangeDisplaySettingsExW
SetSystemCursor
DlgDirSelectComboBoxExA
OemKeyScan
GetWindowPlacement
DdeCreateStringHandleW
DdeReconnect
SetWindowsHookA
SetWindowWord
TrackPopupMenu
SetDlgItemTextW
CallNextHookEx
EndMenu
AdjustWindowRectEx
ShowWindow
RegisterClassA
CreateMenu
MessageBoxIndirectA
GetClipboardViewer
GetMenuInfo
IsCharUpperW
DrawIconEx
GetWindowDC
ToAsciiEx
SendIMEMessageExW
PaintDesktop
LoadMenuA
SetClipboardViewer
ChangeMenuA
EndTask
CreateIconFromResource
MessageBoxExW
SetScrollPos
DeferWindowPos
GetMessageW
GetSysColor
GetClipboardSequenceNumber
SwapMouseButton
InsertMenuItemW
LoadStringA
IsCharAlphaNumericW
SetActiveWindow
DragDetect
CreatePopupMenu
SetMenuItemInfoA
CreateWindowExA
GetSysColorBrush
DestroyWindow
RegisterHotKey
WINNLSEnableIME
EnumDisplayDevicesW
CheckDlgButton
SetWindowPos
PeekMessageA
OemToCharBuffA
MonitorFromPoint
GetDoubleClickTime
MsgWaitForMultipleObjectsEx
PackDDElParam
CopyIcon
LoadImageA
TranslateAccelerator
UpdateWindow
IsClipboardFormatAvailable
PtInRect
CreateCaret
InflateRect
GetPriorityClipboardFormat
IsCharUpperA
ReleaseDC
InsertMenuW
SetMenuDefaultItem
EnumPropsExA
MapVirtualKeyA
ChangeMenuW
SetKeyboardState
CreateWindowStationW
GetKeyboardLayoutNameA
EndDialog
CheckMenuRadioItem
WinHelpW
DefWindowProcA
GetActiveWindow
GetMenuBarInfo
MessageBoxW
GetKeyboardState
CheckRadioButton
PostThreadMessageA
ToAscii

kernel32

TerminateProcess
HeapAlloc
GetCurrentThread
EnterCriticalSection
GetCurrentThreadId
CompareStringW
SetFilePointer
CreateDirectoryExW
GetPrivateProfileStringA
GetVersion
MultiByteToWideChar
CreateDirectoryExA
HeapCreate
GetDiskFreeSpaceExW
GetLocalTime
GetLastError
VirtualFree
SetThreadAffinityMask
SetHandleCount
WriteFile
OpenMutexA
FreeEnvironmentStringsW
SetEnvironmentVariableW
TlsFree
VirtualQuery
RtlMoveMemory
GetSystemTimeAsFileTime
WritePrivateProfileStringW
GetCommandLineA
GetModuleFileNameA
SetLastError
HeapReAlloc
SetConsoleMode
GetPrivateProfileIntW
GetProcAddress
GetFileType
AllocConsole
SetStdHandle
CompareStringA
LCMapStringW
QueryPerformanceCounter
FillConsoleOutputCharacterA
SystemTimeToFileTime
GetStringTypeExA
HeapFree
GetTickCount
UnhandledExceptionFilter
GetCPInfo
InitializeCriticalSection
LoadLibraryA
InterlockedExchange
GetOEMCP
GetConsoleScreenBufferInfo
GetFileAttributesA
lstrlen
VirtualAlloc
FlushFileBuffers
CloseHandle
GetStringTypeW
GetConsoleTitleW
GetEnvironmentStringsW
LeaveCriticalSection
GetCurrentDirectoryA
EnumResourceLanguagesA
GetCurrentProcessId
DeleteCriticalSection
WaitCommEvent
GetSystemDirectoryW
CreateProcessA
LocalLock
IsBadWritePtr
OpenFile
GetEnvironmentStrings
ReadFile
GetTimeZoneInformation
InterlockedDecrement
HeapLock
SetEnvironmentVariableA
CreateMutexA
LocalAlloc
EnumSystemCodePagesA
GetStartupInfoA
GetCurrentProcess
GetThreadLocale
GetProcessAffinityMask
HeapDestroy
lstrcatW
ReadConsoleOutputW
OpenFileMappingA
RtlUnwind
GetModuleHandleA
OpenEventA
InterlockedIncrement
GetStdHandle
GetSystemTime
GetStringTypeA
TlsAlloc
TlsGetValue
lstrcmpW
ExitProcess
GetThreadTimes
WideCharToMultiByte
FreeEnvironmentStringsA
WriteProfileStringW
LCMapStringA
GetACP
TlsSetValue

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80e98ccd5421f483ae30eebb76cc6ef2

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

user32

kernel32

Sections

.text Size: 156KB - Virtual size: 152KB

.rdata Size: 392KB - Virtual size: 388KB

.data Size: 140KB - Virtual size: 137KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 156KB - Virtual size: 152KB

.rdata
Size: 392KB - Virtual size: 388KB

.data
Size: 140KB - Virtual size: 137KB

.rsrc
Size: 32KB - Virtual size: 29KB