2bef25930eb9a0734a1229718740f0c5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2bef25930eb9a0734a1229718740f0c5_JaffaCakes118
Size

525KB
MD5

2bef25930eb9a0734a1229718740f0c5
SHA1

5f4171004d35131e6e36213cc305704466faf626
SHA256

346344eab91a30a7ff0b1145af04df1a63340c19973dc4f183847e0b215febaa
SHA512

dbd4ffa852a4deee05ccb80cf7203cb720a55aadf5647e7fc45e9fc12e11041d1cccd5ad4bdb68a7903503b5f4ae02ea85b3e30e91ac1b359a3df3442ad9142d
SSDEEP

12288:HWPZ0sWpkqRU9+QRicq5GCr7OABeUYt8rr/zooWT6Q3XNswFEQh:H20n58O7O/5S/MoWTRGUEQh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bef25930eb9a0734a1229718740f0c5_JaffaCakes118

Files

2bef25930eb9a0734a1229718740f0c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5099601b3490979ad7a1b73064a86a3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
WritePrivateProfileSectionW
EnumResourceNamesW
DuplicateHandle
GetModuleHandleA
ExpandEnvironmentStringsW
EnumTimeFormatsW
CreatePipe
CreateWaitableTimerA
GetLogicalDriveStringsA
SetEnvironmentVariableW
ClearCommBreak
WriteFile
SetCurrentDirectoryA
IsBadReadPtr
GetLargestConsoleWindowSize
IsBadWritePtr
ScrollConsoleScreenBufferA
_llseek
OutputDebugStringA
ReleaseSemaphore
GlobalFindAtomW
LoadLibraryExW
SetConsoleWindowInfo
GetConsoleCursorInfo
Beep
VirtualQuery
FileTimeToLocalFileTime
RemoveDirectoryA
GetBinaryTypeA
GetStringTypeExW
GetUserDefaultLCID
GetCommConfig
GetVersion
FindCloseChangeNotification
FindResourceExA
CreateDirectoryA
FlushConsoleInputBuffer
CreateNamedPipeW
SetConsoleTitleA
SetMailslotInfo
lstrcmpiA
GetFileAttributesExA
GlobalFindAtomA
VirtualFree
GetSystemInfo
GlobalUnlock
SearchPathW
VirtualQueryEx
GetHandleInformation
GetFileAttributesA
WritePrivateProfileStringW
SetTimeZoneInformation
SetConsoleOutputCP
CreateEventA
GlobalFlags
GetDriveTypeW
GetSystemDirectoryW
WriteConsoleOutputCharacterA
GetProfileIntA
GetBinaryTypeW
IsValidLocale
ReadConsoleInputW
TryEnterCriticalSection
LeaveCriticalSection
FindResourceExW
SwitchToFiber
SetNamedPipeHandleState
DeleteCriticalSection
GetUserDefaultLangID
GetThreadContext
OpenMutexA
VirtualProtect
GetLongPathNameA
SetFileTime
VirtualAlloc
QueryDosDeviceA
GetThreadPriority
SetThreadPriorityBoost
SetThreadLocale
GetPrivateProfileSectionW
GetOEMCP
GetACP
OutputDebugStringW
ExitProcess

user32

PostThreadMessageW
GetWindowDC
GetTopWindow
FindWindowA
GetAncestor
CreateDialogIndirectParamW
ShowOwnedPopups
GetNextDlgGroupItem
IsWindowVisible
EnumWindows
InflateRect
SetForegroundWindow
EnumThreadWindows
UnionRect
GetDialogBaseUnits
GetMessageA
GetClassInfoExW
DrawCaption
WinHelpA
InvertRect
SetCaretPos
SetCapture
GrayStringA
LoadIconW
OpenClipboard
DeferWindowPos
CreateDialogIndirectParamA
DragDetect
ClipCursor
ShowCursor
CreateDesktopW
GetUpdateRect
GetMenuItemInfoA
BeginDeferWindowPos
GetMenuInfo
ValidateRgn
CharPrevA
ChangeMenuA
GetClassInfoA
SetThreadDesktop
GetMenuStringW
EmptyClipboard
IsCharUpperW
NotifyWinEvent
SetMessageQueue
SetRect
CreateAcceleratorTableA

gdi32

CreateCompatibleDC
ExtCreatePen
GetCharWidthA
ExtTextOutW
CreateRectRgn
SetPolyFillMode
StrokeAndFillPath
DPtoLP
DeleteEnhMetaFile
InvertRgn
LineTo
LPtoDP
IntersectClipRect
CreatePolyPolygonRgn
GetOutlineTextMetricsA

comdlg32

ChooseFontW
GetOpenFileNameA

advapi32

ChangeServiceConfigW
InitializeAcl
UnlockServiceDatabase
RegConnectRegistryW
LookupAccountNameA
IsValidSid
RegSetValueExW
GetSecurityDescriptorLength
RegReplaceKeyW
ImpersonateLoggedOnUser
GetAclInformation
GetFileSecurityA
NotifyChangeEventLog
AllocateLocallyUniqueId
RegSaveKeyW
GetAce
RegSetValueW
SetThreadToken
CryptGetKeyParam
SetFileSecurityA
SetTokenInformation
DuplicateToken

shell32

SHLoadInProc
SHGetDesktopFolder
SHFileOperationW
SHGetSettings

ole32

OleRegGetUserType
CoImpersonateClient

oleaut32

SafeArrayGetElement
SysFreeString
VariantCopy
SysAllocStringLen

comctl32

CreatePropertySheetPageW
ImageList_BeginDrag

msvcrt

_vsnwprintf
__doserrno
abort
system
ftell
_flushall
freopen
ferror
fscanf
_chdrive
_umask
_strupr
_splitpath
_mbsnbicmp
_mbsrchr
signal
_wcsdup
_errno
atof
strpbrk
fputc
_stat

Sections

.text
Size: 8KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5099601b3490979ad7a1b73064a86a3e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msvcrt

Sections

.text Size: 8KB - Virtual size: 203KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 250KB

.rsrc Size: 8KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 203KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 250KB

.rsrc
Size: 8KB - Virtual size: 5KB