2bce0caf98738b52fca8665fe4a8ef1e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2bce0caf98738b52fca8665fe4a8ef1e_JaffaCakes118
Size

27KB
MD5

2bce0caf98738b52fca8665fe4a8ef1e
SHA1

1781eaf1b305d3e42ea145777107c490ca24992e
SHA256

2044c77036f7346119c4c5ade7b6ed5525aba88ccf576fb1b13731ada3cfd534
SHA512

f3ae50bd6659e0fbed327bb9249e56208a1fe6e7fdce1c0c58d8953804167be9d1f5077767584db97886bfdbd337c1042f00fc5155f82d5e480d8defd55a0459
SSDEEP

384:D8TYPlYtRa2Z6HMzdfy6HeeMRdf1NSkwFqjB34PPDis3n9OLNl:4fkEq6H/MlWKOFA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bce0caf98738b52fca8665fe4a8ef1e_JaffaCakes118

Files

2bce0caf98738b52fca8665fe4a8ef1e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ff066bda5fe1b6ea242c87e827404176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
DosDateTimeToFileTime
lstrlenA
lstrlenW
LocalFileTimeToFileTime
GetStartupInfoA
GlobalHandle
GetCurrentProcess
lstrcpynW
GetSystemDirectoryW
GetCurrentProcessId
_lclose
_lread
LocalFree
lstrcmpW
GetSystemTimeAsFileTime
GetVersionExW
GetCurrentThread
_lwrite
GetTempPathW
GlobalAlloc
GetShortPathNameW
GlobalFree
lstrcmpiW
GetTickCount
GetTempFileNameW
LoadLibraryW
GlobalLock
InterlockedIncrement
FreeLibrary
LocalAlloc
QueryPerformanceCounter
GetCurrentThreadId
UnhandledExceptionFilter
GetModuleFileNameW
GetProcAddress
TerminateProcess
GlobalUnlock
SetThreadPriority
SetUnhandledExceptionFilter
_llseek
InterlockedDecrement
GetModuleHandleW
GetWindowsDirectoryW

msvcrt

_except_handler3
_adjust_fdiv
malloc
_initterm
free
memmove

shlwapi

PathFindFileNameW
PathAddBackslashA
StrFormatKBSizeW
PathCombineW
SHStrDupW
PathFindFileNameA
wnsprintfW
PathAppendW
StrCpyNW
StrCmpNW
StrRetToBufW

advapi32

BuildTrusteeWithNameA
CreateServiceW
ConvertSidToStringSidA
ControlTraceA
CredRenameW
CancelOverlappedAccess

shell32

SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
SHGetPathFromIDListA
SHBindToParent
SHBrowseForFolderW
ShellExecuteW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
ReleaseStgMedium
CoTaskMemFree
OleSetClipboard

ntdll

NtUnloadDriver
NtAllocateVirtualMemory

rpcrt4

RpcStringFreeW

user32

CharNextW
SetMenuDefaultItem
GetMenuItemCount
LoadCursorW
RegisterClipboardFormatW
DeleteMenu
GetMenuItemInfoW
MessageBoxW
SetWindowTextW
DestroyMenu
InsertMenuItemW
SetCursor
GetSubMenu
LoadStringW
SendMessageW
CreatePopupMenu
LoadMenuW
RemoveMenu
InsertMenuW

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff066bda5fe1b6ea242c87e827404176

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

shlwapi

advapi32

shell32

ole32

ntdll

rpcrt4

user32

Sections

.text Size: 7KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 72KB

.rsrc Size: 8KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 7KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 72KB

.rsrc
Size: 8KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 36B