2aec0748555904150605a460cdc0fb07_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2aec0748555904150605a460cdc0fb07_JaffaCakes118
Size

732KB
MD5

2aec0748555904150605a460cdc0fb07
SHA1

2878f60e6f15f0a0124baf8e0afbeb8146182129
SHA256

aafdec4351e7016bc16035f571b93eb4136f9a6f5265c64d788ba426b6d0cb36
SHA512

17f88e5485627e317d43b233ba432cc8d68a51a6a22b38c334c4fad9182ef102af7232f585890381ad57d54de7933afb1a14bb90d57fc38473afff2be214278f
SSDEEP

12288:YtMj2mFDpAqTBYcfIMhVp2ug2g9StUVKZp+FS65kLglxRHdEtA+aaovU:Yg2MFAqTBYYhVpTptUkF65XHdEtjo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2aec0748555904150605a460cdc0fb07_JaffaCakes118

Files

2aec0748555904150605a460cdc0fb07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a927d2c099116b2f66076968a93ae27a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\aseka\ecznqono.PDB

Imports

advapi32

StartServiceA
LookupSecurityDescriptorPartsA
RegDeleteValueW
RegEnumKeyExA
RegFlushKey
RegLoadKeyW
RegOpenKeyW

kernel32

MoveFileExW
GetWindowsDirectoryW
GetConsoleMode
SetCriticalSectionSpinCount
GetStartupInfoW
GetLocaleInfoW
FreeEnvironmentStringsW
GetThreadContext
GlobalLock
FindFirstFileExA
HeapFree
GetDateFormatA
GetVersion
IsBadWritePtr
ExitThread
QueryPerformanceCounter
VirtualFree
GetSystemDefaultLangID
GetSystemTimeAsFileTime
InterlockedCompareExchange
SetCurrentDirectoryW
GetCPInfo
ReadConsoleW
CloseHandle
GetOEMCP
GetEnvironmentStringsW
GetLocalTime
GetModuleHandleA
HeapCreate
HeapReAlloc
CompareStringA
WriteFile
LCMapStringW
LocalShrink
TlsGetValue
LCMapStringA
GetProcAddress
FreeEnvironmentStringsA
CreateMutexW
GetCurrentThreadId
SetHandleCount
InterlockedIncrement
lstrcpyA
GetStringTypeA
FindResourceW
WriteProfileStringA
GetPriorityClass
MapViewOfFile
CreateFileA
GetModuleFileNameW
SetEnvironmentVariableA
GetEnvironmentVariableA
UnhandledExceptionFilter
OpenMutexA
GetLastError
HeapAlloc
GetNumberFormatW
GetPrivateProfileIntA
SetFilePointer
GetModuleFileNameA
WriteFileEx
VirtualQuery
SetFileAttributesA
LoadLibraryA
WaitForDebugEvent
GlobalGetAtomNameA
GetConsoleTitleA
GetCommandLineW
FlushFileBuffers
ConnectNamedPipe
WideCharToMultiByte
ReadFile
TlsAlloc
GetTimeZoneInformation
LockResource
TlsSetValue
GetFileType
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineA
FormatMessageA
SetConsoleTextAttribute
EnterCriticalSection
GetDateFormatW
DeleteCriticalSection
lstrcmpW
GetSystemDirectoryA
GetStringTypeW
GetStartupInfoA
FillConsoleOutputCharacterW
InterlockedExchange
GetTickCount
TerminateProcess
SetLastError
RtlUnwind
SetConsoleWindowInfo
GetCurrentThread
VirtualAlloc
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetThreadSelectorEntry
LeaveCriticalSection
RtlFillMemory
CompareStringW
LoadLibraryExA
GetAtomNameW
SetConsoleCP
SetConsoleTitleW
CreateRemoteThread
EnumDateFormatsA
SystemTimeToFileTime
InitializeCriticalSection
CreateMutexA
HeapDestroy
InterlockedDecrement
GetStdHandle
GlobalAddAtomW
TlsFree
ExitProcess
lstrcmpi
MultiByteToWideChar
GetCurrentProcess
GetSystemTime

gdi32

CreateDCW
PolyPolygon
GdiGetBatchLimit
ArcTo
CreateScalableFontResourceW
GetCharWidthW
PlayEnhMetaFileRecord
PlayMetaFileRecord
DeleteColorSpace
PolyPolyline
Escape
GetCharWidthFloatA
CreateFontA
GetDeviceCaps
DeleteDC
StretchDIBits
GetObjectW
ResetDCA
SelectObject
DeviceCapabilitiesExA

wininet

FindFirstUrlCacheContainerW
LoadUrlCacheContent
FindNextUrlCacheGroup
FindFirstUrlCacheEntryA
InternetCombineUrlA

comctl32

ImageList_GetImageCount
CreatePropertySheetPageA
InitCommonControlsEx
ImageList_GetDragImage
ImageList_Duplicate
ImageList_BeginDrag
ImageList_GetBkColor
ImageList_AddIcon
InitMUILanguage
ImageList_DragLeave
ImageList_SetBkColor
ImageList_GetIconSize
ImageList_DrawIndirect
ImageList_Write
ImageList_AddMasked

user32

CreateDialogParamA
KillTimer
CharUpperBuffW
OpenInputDesktop
ToAscii
CopyImage
SetShellWindow
AdjustWindowRectEx
SendIMEMessageExW
DefWindowProcW
ShowWindow
SwitchToThisWindow
VkKeyScanA
UnregisterClassW
wvsprintfA
MessageBoxW
EnumDisplaySettingsExA
RegisterClassA
wsprintfA
BeginDeferWindowPos
TabbedTextOutA
WINNLSGetIMEHotkey
MessageBoxA
GetMenuItemID
IsChild
RegisterDeviceNotificationA
CreateWindowExW
DrawTextW
RegisterClassExA
TileChildWindows
SendMessageA
wsprintfW
IsCharAlphaW
DestroyWindow
AnimateWindow
EnumDesktopsW
IsDlgButtonChecked
DdeKeepStringHandle
EnumDisplaySettingsExW
IsCharAlphaNumericW
MapDialogRect
DrawEdge
GetWindowPlacement
SetWindowLongW
ChangeDisplaySettingsExW
LoadCursorFromFileA
DdeQueryStringA
DdeAddData
LoadKeyboardLayoutA
EnumPropsExW
SetLastErrorEx
SwapMouseButton

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a927d2c099116b2f66076968a93ae27a

Headers

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

wininet

comctl32

user32

Sections

.text Size: 180KB - Virtual size: 176KB

.rdata Size: 388KB - Virtual size: 385KB

.data Size: 136KB - Virtual size: 152KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 180KB - Virtual size: 176KB

.rdata
Size: 388KB - Virtual size: 385KB

.data
Size: 136KB - Virtual size: 152KB

.rsrc
Size: 24KB - Virtual size: 23KB