2b6947c76edea331bf358edb5dc312c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b6947c76edea331bf358edb5dc312c8_JaffaCakes118
Size

561KB
MD5

2b6947c76edea331bf358edb5dc312c8
SHA1

38394c322065e8559580589081607ddbed43c749
SHA256

cbb697b5361a0c7b33f9d6bd09b707f102b284c12a7aaf469fc2bb837353676f
SHA512

e36fd8d71a28985b01b6fbd2ba77ea6e204bbc2e47b573cd310959bcb0614d7ef10098e36b057e42e7082821bf83e4e88e6ebe9c4d6d549df2f6143f684409f5
SSDEEP

12288:0RetXg7FllkhVNVoD/L21V8uw9O9Wz6siY3T7smU0r54iA:ietX0F/k1VoD/L2Mz9VVfnser53A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b6947c76edea331bf358edb5dc312c8_JaffaCakes118

Files

2b6947c76edea331bf358edb5dc312c8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd7b104499ad35e5d338865ac8402c1b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

ExtractAssociatedIconExW
DragAcceptFiles
SHFreeNameMappings
SHGetMalloc
SHGetDataFromIDListA

kernel32

ReadFile
CloseHandle
DeleteFileW
InterlockedDecrement
GetOEMCP
GetACP
VirtualQuery
HeapDestroy
RtlUnwind
UnhandledExceptionFilter
HeapAlloc
QueryPerformanceCounter
VirtualAlloc
SetCurrentDirectoryW
GetProcAddress
HeapFree
SetHandleCount
FreeEnvironmentStringsW
GetDriveTypeA
GetEnvironmentVariableW
EnumCalendarInfoA
OpenMutexA
LCMapStringW
GetLocalTime
SetEndOfFile
LockFileEx
GetStringTypeA
GetTickCount
GetProfileIntW
GetEnvironmentStringsW
FormatMessageW
HeapReAlloc
LeaveCriticalSection
GetSystemTimeAsFileTime
WriteFile
TlsFree
GetEnvironmentStrings
IsBadWritePtr
GetTimeZoneInformation
GetCurrentThreadId
InterlockedIncrement
WriteProfileSectionA
LoadLibraryA
GetLastError
TlsSetValue
SetLastError
CompareStringA
GetCurrentProcess
TlsGetValue
EnumDateFormatsExA
InterlockedCompareExchange
GetCommandLineA
InterlockedExchange
HeapCreate
GetCurrentThread
GetModuleFileNameA
GetSystemTime
GetPrivateProfileStructA
PulseEvent
LCMapStringA
GetCurrentProcessId
GetVersion
SetStdHandle
CreateMutexA
GetStdHandle
TerminateProcess
WritePrivateProfileStringW
SetFilePointer
GetModuleHandleA
EnumResourceTypesA
FreeEnvironmentStringsA
DeleteCriticalSection
MultiByteToWideChar
FlushFileBuffers
EnterCriticalSection
TlsAlloc
ExitProcess
VirtualFree
InitializeCriticalSection
WideCharToMultiByte
WriteConsoleA
GetCPInfo
CompareStringW
GetPrivateProfileSectionA
GetFileType
GetStartupInfoA
OpenWaitableTimerA
GetStringTypeW
SetEnvironmentVariableA

user32

ActivateKeyboardLayout
GetPropW
RegisterClassExA
RegisterClassA
IsMenu
CharLowerBuffA
DefMDIChildProcA

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd7b104499ad35e5d338865ac8402c1b

Headers

File Characteristics

Imports

comctl32

shell32

kernel32

user32

Sections

.text Size: 228KB - Virtual size: 228KB

.rdata Size: 4KB - Virtual size: 34KB

.data Size: 314KB - Virtual size: 314KB

.rsrc Size: 13KB - Virtual size: 12KB

.text
Size: 228KB - Virtual size: 228KB

.rdata
Size: 4KB - Virtual size: 34KB

.data
Size: 314KB - Virtual size: 314KB

.rsrc
Size: 13KB - Virtual size: 12KB