2b87a811ffbdbeff1a8435db11b82f3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b87a811ffbdbeff1a8435db11b82f3a_JaffaCakes118
Size

588KB
MD5

2b87a811ffbdbeff1a8435db11b82f3a
SHA1

15bb0e111a5dbc9e417c47db56f58042f945f9c1
SHA256

69236cd705079d09eec0a498463358d331a96fc64f74b559a8f7933ba6e17684
SHA512

125909ae8c92bc4dd4e5d90bf7e3e88ae087ff810272f4ad26efa8ab837cc633d82d1e532d504e4200a25e3c5febfb6d413c37db2e1195c163639aed331c7f8a
SSDEEP

12288:xaQo4RchLNbOgxQ0hOXZIyvcU+ilumySGgiB92C420gfO:xLGN5xQ0hGPcLkyFB9t420e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b87a811ffbdbeff1a8435db11b82f3a_JaffaCakes118

Files

2b87a811ffbdbeff1a8435db11b82f3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6acce6b67dcbb4091e2da29e24853aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\emxyiihfto\ybyd\wztqees.pdb

Imports

kernel32

GetCurrentProcessId
GetLogicalDriveStringsW
CreateEventA
MultiByteToWideChar
OpenWaitableTimerW
WriteConsoleOutputCharacterW
GetOEMCP
CreateFileA
HeapFree
RemoveDirectoryW
SetHandleCount
GetModuleFileNameW
GetEnvironmentStringsW
TerminateProcess
GetProcessHeap
FlushInstructionCache
OutputDebugStringA
WaitForSingleObjectEx
GetDateFormatA
GetEnvironmentStrings
ReadConsoleW
LeaveCriticalSection
CloseHandle
SetLastError
GetVersionExA
GetCommandLineA
GetModuleHandleA
GetUserDefaultLCID
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetFileType
WideCharToMultiByte
AddAtomW
GetStringTypeW
IsValidLocale
CompareStringA
GetCalendarInfoW
GetStartupInfoA
GetExitCodeProcess
VirtualQuery
FlushFileBuffers
GetCurrentThread
GetCurrentThreadId
CreateMutexA
GetACP
GetTickCount
SetFilePointer
GetCurrentProcess
CreateSemaphoreA
WriteFile
EnumSystemLocalesA
CompareStringW
Sleep
GlobalFlags
WriteConsoleW
CompareFileTime
CreateDirectoryA
GetConsoleMode
GetCPInfo
InitializeCriticalSection
HeapSize
GetLastError
GetStringTypeA
TlsAlloc
LocalFileTimeToFileTime
LCMapStringW
VirtualFree
GetConsoleOutputCP
SetEnvironmentVariableA
IsDebuggerPresent
UnmapViewOfFile
RtlUnwind
GetPrivateProfileStringA
QueryPerformanceCounter
lstrcmpi
HeapCreate
GetTimeFormatA
FreeEnvironmentStringsW
FreeLibrary
DeleteCriticalSection
GetDateFormatW
ReadConsoleOutputW
GetStringTypeExA
CreateFileW
FileTimeToLocalFileTime
GetTimeZoneInformation
InterlockedIncrement
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetConsoleCP
CreateToolhelp32Snapshot
GetNamedPipeInfo
GetLocaleInfoA
GetModuleFileNameA
FindClose
SuspendThread
TlsSetValue
LoadLibraryA
DeleteAtom
WriteConsoleInputW
InterlockedDecrement
lstrcatW
SetStdHandle
UnhandledExceptionFilter
TlsGetValue
HeapAlloc
EnterCriticalSection
TlsFree
GlobalFindAtomA
GetStdHandle
lstrcmp
VirtualAlloc
GetProcAddress
OpenMutexA
ExitProcess
HeapDestroy
WriteConsoleA
HeapReAlloc
VirtualLock
GetSystemDirectoryA
SetCurrentDirectoryW
LCMapStringA
OpenEventW
GetProfileIntA
ReadFile
DebugActiveProcess
GetCompressedFileSizeW
InterlockedExchange
GetCommandLineW
SetUnhandledExceptionFilter
GetLocaleInfoW
IsValidCodePage
SetConsoleTextAttribute

user32

GetKeyNameTextA
GetKeyboardLayoutNameW
CreateIconIndirect
ShowWindow
EnumWindowStationsW
GetNextDlgTabItem
MapVirtualKeyW
GetClassInfoA
DestroyWindow
DispatchMessageA
AnimateWindow
SetWindowContextHelpId
InsertMenuItemW
LoadKeyboardLayoutA
KillTimer
RemoveMenu
PostMessageA
CharUpperW
LoadStringA
GetClipboardData
RegisterWindowMessageW
RegisterClassExA
SubtractRect
OemKeyScan
CreateWindowExA
GetMenuItemInfoA
GetWindowRgn
MsgWaitForMultipleObjects
WINNLSGetIMEHotkey
SetUserObjectSecurity
GetCursor
GetKeyboardLayoutNameA
DefWindowProcA
MessageBoxA
FindWindowExA
LoadIconW
ShowWindowAsync
GetTitleBarInfo
DefFrameProcA
DrawFrameControl
BeginPaint
ToUnicodeEx
LoadCursorW
DestroyCursor
SendNotifyMessageA
SwitchToThisWindow
GetNextDlgGroupItem
RegisterHotKey
EqualRect
HideCaret
EnumDisplayDevicesA
RegisterClassA
LoadIconA
PostQuitMessage
GetMenuCheckMarkDimensions
SetWindowPos
SetForegroundWindow
MsgWaitForMultipleObjectsEx

comctl32

ImageList_GetIconSize
CreatePropertySheetPageA
CreatePropertySheetPage
InitCommonControlsEx
DrawStatusText
ImageList_GetDragImage
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DrawIndirect
CreatePropertySheetPageW
ImageList_GetImageRect
ImageList_SetIconSize
ImageList_DragEnter
ImageList_GetImageInfo
CreateStatusWindow
ImageList_Read
ImageList_Add
ImageList_GetFlags
ImageList_Write
ImageList_LoadImage

wininet

InternetCombineUrlA
HttpSendRequestW
InternetFindNextFileA
InternetSetDialStateA
FindNextUrlCacheEntryExW
FindNextUrlCacheContainerA

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6acce6b67dcbb4091e2da29e24853aa

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

wininet

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 248KB - Virtual size: 247KB

.data Size: 120KB - Virtual size: 139KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 120KB - Virtual size: 139KB

.rsrc
Size: 56KB - Virtual size: 53KB