2c1f07dbb4e3b28abd03b3de3695a461_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c1f07dbb4e3b28abd03b3de3695a461_JaffaCakes118
Size

250KB
MD5

2c1f07dbb4e3b28abd03b3de3695a461
SHA1

5fdb70a38163261827632694ed99d1ac1dbe57fe
SHA256

180a34afe34504ce700ace8d52eae69174ac537c518d572aad1dc17dbb163683
SHA512

5d1f88fd408cfa84cad709c6012b076277ab5e7dcc0a4e08a0e68788e0149abd52a0a8f51b3a0d3291178addeb71d39b6c4398af5f1b0c3136ebed81e95cfcbb
SSDEEP

6144:bLTUpNn2+uw1z3Fp9B1aixPafWg91UUaD3EOxEFegWOU9:bLTE2xwNVp9fZxPa7CUOacrOk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c1f07dbb4e3b28abd03b3de3695a461_JaffaCakes118

Files

2c1f07dbb4e3b28abd03b3de3695a461_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9a33a0ae955d3be888c0fbee5ab627e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegQueryValueExA
RegCreateKeyW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExW

msvcrt

_controlfp
isdigit
_exit
_cexit
srand
exit

gdi32

CreatePen
CombineRgn
GetPixel
CreateCompatibleDC
DeleteObject
GetStockObject
StretchBlt
SetPixel
GetTextMetricsW

kernel32

HeapDestroy
VirtualAllocEx
WriteFileEx
GetTickCount
GetSystemDefaultLCID
HeapFree
GetQueuedCompletionStatus
GetStringTypeExA
ResumeThread
CreateThread
InterlockedIncrement
FileTimeToDosDateTime
LeaveCriticalSection
IsValidLocale
CreateFileA
GetCurrentProcessId
SetPriorityClass
GetThreadIOPendingFlag
GetStringTypeA
UnmapViewOfFile
EnterCriticalSection
HeapQueryInformation
TerminateThread
FileTimeToSystemTime
lstrcmpiA
EnumSystemLocalesA
SetLocaleInfoA
HeapCreate
EncodePointer
GetLocaleInfoA
SetThreadExecutionState
SetThreadPriorityBoost
GetEnvironmentStringsA
MapViewOfFile
RtlMoveMemory
ReadFile
ExitThread
SetThreadAffinityMask
DeleteCriticalSection
CreateNamedPipeA
SetFilePointer
lstrcmpA
ConvertDefaultLocale
OpenThread
AssignProcessToJobObject
DecodePointer
FlushViewOfFile
GetUserDefaultLCID
lstrcpynA
InterlockedCompareExchange
SetEnvironmentVariableA
OpenFileMappingA
CreateIoCompletionPort
lstrcpyW
SetThreadContext
GetCurrentProcess
WaitNamedPipeA
InitializeCriticalSection
CopyFileA
HeapAlloc
SetFilePointerEx
CreateFileMappingA
ExpandEnvironmentStringsA
InterlockedExchangeAdd
HeapWalk
GetThreadLocale
CloseHandle
GetThreadTimes
WaitForMultipleObjectsEx
lstrcpynW
DisconnectNamedPipe
GetThreadPriority
GetFileTime
ConnectNamedPipe
GetSystemDefaultLangID
SetCurrentDirectoryA
InterlockedDecrement
FreeEnvironmentStringsA

user32

MessageBoxW
SystemParametersInfoW
GetDesktopWindow
ReleaseCapture
RegisterClassW
KillTimer
MessageBeep
BeginPaint
GetSystemMetrics
GetMessageW
ShowWindow
GetClientRect
PostMessageW
IsIconic
FlashWindow
DispatchMessageW
GetDC
CreateWindowExW

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a33a0ae955d3be888c0fbee5ab627e7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcrt

gdi32

kernel32

user32

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 67KB - Virtual size: 67KB

.rsrc Size: 5KB - Virtual size: 536KB

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 67KB - Virtual size: 67KB

.rsrc
Size: 5KB - Virtual size: 536KB