2bcd65125bf9471e10079bbf1dce50a2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bcd65125bf9471e10079bbf1dce50a2_JaffaCakes118
Size

246KB
MD5

2bcd65125bf9471e10079bbf1dce50a2
SHA1

a9608893ae581854ef933ba787d50203b8f28ec8
SHA256

8259a31b3ea3ee73eb122613d34930c7be7716f109e4302f537861bd2fd13ad2
SHA512

059d7ff8499e8916bfad79ed4f9a01257ea2bd83ac1e127f6b5756af0976bb2fe22a202395252aef151a3ba0038ec437613fa5c32292ce942c0757354ad0722a
SSDEEP

6144:BdtNnUVLvj1z4rIwass17bvF4JJ/RCaTLx8aU1u2M:BdtNUD4Pasmdi53lyu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bcd65125bf9471e10079bbf1dce50a2_JaffaCakes118

Files

2bcd65125bf9471e10079bbf1dce50a2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a58da5835c9b79d8de195446ba4e08d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileSectionA
VirtualQueryEx
GlobalGetAtomNameW
SetHandleCount
FormatMessageW
WaitForMultipleObjects
SearchPathW
GlobalReAlloc
IsBadWritePtr
GetOEMCP
FindFirstFileW
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesA
GetTimeZoneInformation
GetUserDefaultLCID
LockFile
HeapDestroy
lstrcatA
GetComputerNameA
GlobalFlags
LoadLibraryW
GetFileType
FindFirstFileA
HeapFree
GetCurrentThread
GetEnvironmentStringsW
VerifyVersionInfoW
GetCommandLineA
GetLocaleInfoW
VirtualFree
WritePrivateProfileSectionA
SystemTimeToFileTime
GetFileTime
UnhandledExceptionFilter
GetWindowsDirectoryW
LocalReAlloc
InitializeCriticalSection
CreateDirectoryW
GetDriveTypeW
GetEnvironmentVariableW
GetStringTypeExW
LoadLibraryA
SuspendThread
GlobalAddAtomA
LCMapStringA
GetPrivateProfileStringW
GetTempPathA
EnumResourceNamesW
QueryDosDeviceA
GetSystemTimeAsFileTime
GetFullPathNameA
FindResourceW
MapViewOfFileEx
FindResourceA
QueryPerformanceFrequency
FreeEnvironmentStringsA
WriteConsoleW
GetLocaleInfoA
GetFileSize
WriteProfileStringA
LoadLibraryExA
GetStartupInfoA
VirtualAlloc
GetModuleHandleA

version

GetFileVersionInfoA

user32

CopyAcceleratorTableA
SetWindowLongW
OffsetRect
TranslateAcceleratorW
ShowCursor
EnumClipboardFormats
GetTopWindow
GetActiveWindow
GetPropA
BeginDeferWindowPos
CreateCaret
ScreenToClient
DdeCreateStringHandleW
PostThreadMessageW
AttachThreadInput
InvalidateRect
UpdateWindow
SetMenuDefaultItem
HideCaret
LoadKeyboardLayoutA
GetMessagePos
ReplyMessage
GetWindowTextLengthW
CloseClipboard
CheckRadioButton
DeferWindowPos
EnableMenuItem
SetWindowLongA
GetWindowDC

advapi32

RegFlushKey
SetSecurityInfo
RegQueryValueExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegSetKeySecurity
CryptDestroyHash
SetServiceStatus
CryptAcquireContextA
StartServiceW
StartServiceCtrlDispatcherW
AddAce
SetFileSecurityW
GetSecurityInfo
RegQueryValueExW
CreateServiceA
QueryServiceConfigA

shell32

ExtractIconA
SHAppBarMessage
SHBrowseForFolderA
ExtractIconExW

winspool.drv

GetPrinterDriverA
EnumPrinterDriversA
SetPrinterA
ClosePrinter
GetPrinterDataA

oleaut32

GetActiveObject

ole32

ReleaseStgMedium
OleCreateFromData
RegisterDragDrop
GetHGlobalFromILockBytes
StringFromGUID2
OleIsRunning
WriteClassStm
StgIsStorageFile

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_controlfp
time
_purecall
floor
_stricmp
rand
towupper
wcsspn
_errno
fread
sprintf
realloc
memmove
swprintf
atoi
towlower
iswalnum
_wcsupr
_expand
wcslen
atol
atof
_wcsnicmp
strstr
_splitpath
wcscpy
_wcsdup
_CxxThrowException
strrchr
strncmp
iswdigit
bsearch
_cexit
tolower
wcstok
_wtoi
isspace
longjmp
_wcslwr
exit

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

agamigc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

iqcgiu
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

yooyg
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a58da5835c9b79d8de195446ba4e08d

Headers

File Characteristics

Imports

kernel32

version

user32

advapi32

shell32

winspool.drv

oleaut32

ole32

msvcrt

Sections

.text Size: 190KB - Virtual size: 189KB

agamigc Size: 42KB - Virtual size: 42KB

iqcgiu Size: 4KB - Virtual size: 4KB

yooyg Size: 8KB - Virtual size: 7KB

.text
Size: 190KB - Virtual size: 189KB

agamigc
Size: 42KB - Virtual size: 42KB

iqcgiu
Size: 4KB - Virtual size: 4KB

yooyg
Size: 8KB - Virtual size: 7KB