2b0275b0278d4f234c6d51a806740e4d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b0275b0278d4f234c6d51a806740e4d_JaffaCakes118
Size

364KB
MD5

2b0275b0278d4f234c6d51a806740e4d
SHA1

babb00647f16d428e9c32ff1b2ae9ecc7b6af8d8
SHA256

1d0ee7d7eda76d40a07dec08a607e5fdf65947c011846ad82170ee29ed81a134
SHA512

47dc83ae3f1dbc327209105ec30a836964d73114cc89ae08e9607600d36cc9d9930c4e4f628df24a0b33b54cd78c260190aa48911f2fec353d46536e420f3b41
SSDEEP

6144:b1FqCH7kc9OYcSP19H7CLOGytl1tWCsdHftVVJXdWu2k4pssSuit3kuFxVswEnJv:b1fH7f92SWzql15sZnPt3F47S7JnFxVW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b0275b0278d4f234c6d51a806740e4d_JaffaCakes118

Files

2b0275b0278d4f234c6d51a806740e4d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62037837defcc5af9d3faa07a020225d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\cse\hofaetd\nhehdu\ehv\eoh\dqxjsintu.PDB

Imports

wininet

GopherCreateLocatorW
DeleteUrlCacheEntryA
InternetCloseHandle
FindFirstUrlCacheGroup
InternetGetCookieW
IsUrlCacheEntryExpiredW
FindFirstUrlCacheEntryExA

shell32

SHInvokePrinterCommandA
ShellExecuteEx
SHChangeNotify
SHGetNewLinkInfo

kernel32

GetCPInfo
GetCurrentProcessId
TlsSetValue
GetLastError
VirtualQuery
GetAtomNameA
GetSystemTimeAsFileTime
InterlockedDecrement
WritePrivateProfileStructA
VirtualAllocEx
GetSystemDefaultLCID
GetEnvironmentStringsW
FlushFileBuffers
SetHandleCount
GetModuleFileNameW
HeapDestroy
EnumDateFormatsExW
EnumSystemLocalesA
MultiByteToWideChar
SetEnvironmentVariableA
WriteConsoleW
HeapCreate
IsDebuggerPresent
VirtualUnlock
EnterCriticalSection
CreateThread
DeleteCriticalSection
MoveFileW
CreateMutexA
GetSystemDirectoryA
GetLocaleInfoA
FindFirstFileExW
GetDateFormatA
GetCurrentProcess
GetModuleHandleW
ExitProcess
GetConsoleScreenBufferInfo
CreateFileA
OpenMutexA
VirtualAlloc
GetCommandLineA
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStructW
GetFileType
GetDiskFreeSpaceA
SetCurrentDirectoryW
LoadLibraryExA
VirtualFree
GetStdHandle
lstrcatW
HeapFree
TlsAlloc
GetTimeZoneInformation
GetComputerNameW
WriteConsoleA
GetCurrentThreadId
QueryPerformanceCounter
HeapAlloc
GetLocaleInfoW
HeapReAlloc
GetOEMCP
RemoveDirectoryW
GetCurrentThread
WriteFile
InterlockedIncrement
GetStartupInfoW
GetCurrencyFormatW
EnumCalendarInfoA
GetStartupInfoA
GlobalFree
GetStringTypeW
WideCharToMultiByte
GetNamedPipeHandleStateW
IsValidCodePage
InterlockedExchange
GetConsoleMode
RtlUnwind
GetDiskFreeSpaceW
LoadModule
GetACP
SetStdHandle
TlsGetValue
PulseEvent
LocalShrink
LockFile
GetUserDefaultLCID
LoadLibraryExW
SetLastError
UnhandledExceptionFilter
LCMapStringW
WritePrivateProfileStringA
LoadLibraryA
LockFileEx
Sleep
CreateRemoteThread
GetSystemDefaultLangID
SleepEx
GetShortPathNameA
SetEnvironmentVariableW
GlobalGetAtomNameA
GetConsoleCP
GetProcAddress
VirtualLock
SetConsoleMode
IsValidLocale
GetFileAttributesA
SetConsoleOutputCP
GlobalFindAtomA
GetLogicalDrives
EnumResourceTypesA
SetUnhandledExceptionFilter
LeaveCriticalSection
HeapSize
GetStringTypeA
VirtualProtect
FreeEnvironmentStringsW
WritePrivateProfileSectionA
SetConsoleCtrlHandler
GlobalReAlloc
GetCompressedFileSizeW
SetFilePointer
GetTimeFormatA
TerminateProcess
TlsFree
lstrcpynW
LoadLibraryW
OpenProcess
FreeLibrary
CloseHandle
OutputDebugStringA
CompareStringW
GetTickCount
GlobalUnfix
GetFileAttributesW
GetCommandLineW
WaitNamedPipeW
ExpandEnvironmentStringsA
ReadFile
GetConsoleOutputCP
CompareStringA
LCMapStringA
GetTempFileNameW
GlobalSize
EnumTimeFormatsA
GetModuleFileNameA

user32

LoadCursorFromFileA
CreateDialogIndirectParamW
GetIconInfo
MessageBoxExA
SetMenuItemInfoA
RegisterClassExA
MessageBoxExW
GetScrollInfo
FlashWindow
MessageBoxW
DeferWindowPos
VkKeyScanA
DefWindowProcW
OemKeyScan
UnregisterHotKey
DeleteMenu
GetFocus
CreateDialogIndirectParamA
CharNextA
ShowWindow
BeginDeferWindowPos
DdeQueryStringW
CharToOemBuffW
EnumPropsExA
ScrollDC
CreateDialogParamW
DestroyWindow
wsprintfW
WaitMessage
LoadStringA
CreateWindowExA
RegisterClassA

comctl32

CreateStatusWindowW
ImageList_EndDrag
ImageList_Draw
ImageList_SetDragCursorImage
ImageList_ReplaceIcon
ImageList_GetFlags
ImageList_Replace
ImageList_DragLeave
CreateUpDownControl
ImageList_Destroy
ImageList_GetIconSize
ImageList_Create
ImageList_LoadImageA
ImageList_SetFlags
ImageList_Duplicate
ImageList_AddIcon
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Write
CreatePropertySheetPageA
ImageList_AddMasked
DestroyPropertySheetPage
ImageList_SetOverlayImage

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62037837defcc5af9d3faa07a020225d

Headers

File Characteristics

PDB Paths

Imports

wininet

shell32

kernel32

user32

comctl32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 96KB - Virtual size: 119KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 96KB - Virtual size: 119KB

.rsrc
Size: 48KB - Virtual size: 44KB