2c1d3071e0d36aa80b8f0807303b7fe8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c1d3071e0d36aa80b8f0807303b7fe8_JaffaCakes118
Size

628KB
MD5

2c1d3071e0d36aa80b8f0807303b7fe8
SHA1

55adbf5a9512ba6523a4611f0b72404cda899500
SHA256

e29ed1c2d709804466746110bfc1a0118fa8ad3975851a40f84141c314c2b4dd
SHA512

fa56dfee75c79e893c0b8f2fcec6571a5e3923fa5ff4f9bd7cc2e38bff28e74421b65550e763894962220f82414c4a6b8f72f77c5ac6bbb5174fad136b6f38c0
SSDEEP

12288:qKIDpmGTGW4GEUxP2OoxU3kdhmA8C6qmFYq8qFgxVfEfykBzb++GT:yvGeEUl2vbmA8wmCq8q8sdBz6PT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c1d3071e0d36aa80b8f0807303b7fe8_JaffaCakes118

Files

2c1d3071e0d36aa80b8f0807303b7fe8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d00b9788f6141f3acdb3da6ea75b142

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\haogesve\gpaz\ipreeeieuk\teoezbgu\t

Imports

comdlg32

FindTextA
GetOpenFileNameW
PrintDlgW
GetFileTitleW

user32

GetWindowDC
GetMenuContextHelpId
SetMenu
GetCaretBlinkTime
CharLowerBuffA
ImpersonateDdeClientWindow
DispatchMessageW
NotifyWinEvent
InternalGetWindowText
CharPrevA
SetWinEventHook
WinHelpW
RegisterClassA
CharUpperBuffA
EnumDisplayDevicesA
RegisterClassExA
TabbedTextOutA

wininet

HttpCheckDavCompliance
SetUrlCacheEntryGroupW
RegisterUrlCacheNotification
ShowSecurityInfo
GetUrlCacheEntryInfoA

kernel32

LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
TlsAlloc
HeapCreate
WriteFile
EnumSystemLocalesA
TlsSetValue
IsBadWritePtr
CompareStringA
QueryPerformanceCounter
SetLastError
FlushFileBuffers
GetACP
DeleteFiber
DebugBreak
VirtualProtect
LCMapStringA
GetEnvironmentStrings
GetOEMCP
UnhandledExceptionFilter
TerminateProcess
LocalCompact
LCMapStringW
DeleteCriticalSection
SetSystemTime
GetModuleFileNameA
DeleteFileW
HeapReAlloc
GetFileSize
GetStartupInfoA
GetSystemInfo
SetFileTime
GetThreadPriority
GetDateFormatW
GetFileType
GetProcAddress
OpenSemaphoreA
GetSystemDirectoryA
LoadLibraryW
GetTimeZoneInformation
VirtualFreeEx
InterlockedIncrement
GetTickCount
GlobalFindAtomA
VirtualLock
GetTimeFormatA
HeapAlloc
GetCurrentProcess
GetComputerNameW
GetCurrentThread
SetStdHandle
InterlockedDecrement
FreeEnvironmentStringsA
ExitProcess
IsBadReadPtr
LockFile
GetEnvironmentStringsA
AddAtomW
SetVolumeLabelA
MultiByteToWideChar
SetEnvironmentVariableA
CreateDirectoryExA
GetProcAddress
LocalFileTimeToFileTime
HeapFree
GetProfileIntA
WriteProfileStringA
GetSystemTimeAsFileTime
GetDateFormatA
GetCurrentProcessId
VirtualProtectEx
SystemTimeToFileTime
FindNextFileA
OutputDebugStringA
GetStdHandle
SetConsoleCtrlHandler
SetLocaleInfoA
EnumResourceLanguagesW
WideCharToMultiByte
CompareStringW
HeapDestroy
SetComputerNameA
CopyFileExA
ReadFile
RtlUnwind
IsValidLocale
LoadLibraryA
GetCurrentThreadId
InterlockedExchange
GetFileTime
GetProcessShutdownParameters
CopyFileA
GetVersionExA
GetLocaleInfoA
GetUserDefaultLCID
SetUnhandledExceptionFilter
HeapValidate
GetLastError
CloseHandle
FreeEnvironmentStringsW
CreateMutexA
GetEnvironmentStringsW
GetCPInfo
InitializeCriticalSection
lstrlen
TlsFree
GetCommandLineA
OpenMutexA
GetLocaleInfoW
TlsGetValue
IsValidCodePage
AddAtomA
SetHandleCount
VirtualQuery
GetNamedPipeInfo
GetStringTypeA
GetModuleHandleA
GetWindowsDirectoryW
VirtualFree
RemoveDirectoryW
GetStringTypeW
SetFilePointer

shell32

RealShellExecuteExA
SHInvokePrinterCommandA
SHBrowseForFolder
SHGetDataFromIDListA

comctl32

ImageList_LoadImage
ImageList_GetFlags
ImageList_GetIcon
ImageList_DragShowNolock
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_DragMove
CreateStatusWindowW
ImageList_GetImageCount
ImageList_Add
DestroyPropertySheetPage
GetEffectiveClientRect
ImageList_Write
CreateToolbar
ImageList_SetImageCount
DrawStatusTextA
CreateStatusWindowA
ImageList_SetDragCursorImage
ImageList_DragLeave
InitCommonControlsEx
ImageList_ReplaceIcon
InitMUILanguage

advapi32

RegCreateKeyA
RegSetValueW
RegOpenKeyA
RegQueryValueA
DuplicateTokenEx
LookupPrivilegeValueA
InitializeSecurityDescriptor
CryptSetProviderExA
CryptSetProviderA
CryptEnumProviderTypesA
RegSaveKeyA
RegReplaceKeyW
CryptSetProviderW
CryptDestroyHash
RegSetKeySecurity

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d00b9788f6141f3acdb3da6ea75b142

Headers

File Characteristics

PDB Paths

Imports

comdlg32

user32

wininet

kernel32

shell32

comctl32

advapi32

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 252KB - Virtual size: 248KB

.data Size: 120KB - Virtual size: 148KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 252KB - Virtual size: 248KB

.data
Size: 120KB - Virtual size: 148KB

.rsrc
Size: 24KB - Virtual size: 22KB