2c6bba746e6f0d914eecff164cb59509_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c6bba746e6f0d914eecff164cb59509_JaffaCakes118
Size

501KB
MD5

2c6bba746e6f0d914eecff164cb59509
SHA1

3e2479ec8b4b5e5a7967f1fec8e02998cadf04a7
SHA256

1d7be9314568ca1606cffa3841d6575d4eba3061430e44e45d5b4661d1fc420b
SHA512

ed16facdddc5e503b2b3ba61254e29e48cb1c90357a646cc019d870e34c6ce02f88cd18ef721c47127bd32e188b9614ce8d828dfaeadb16b89fd160659339040
SSDEEP

12288:hU3py66JWNrlUANQOQA+gapdbZlMoP05b:a3+2rHVFMBZO1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c6bba746e6f0d914eecff164cb59509_JaffaCakes118

Files

2c6bba746e6f0d914eecff164cb59509_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e8f857d8e7b5dededcc653850714962

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\jko.pdb

Imports

kernel32

OpenWaitableTimerA
FindFirstFileA
MoveFileExW
IsBadWritePtr
IsDebuggerPresent
CompareStringA
HeapCreate
GetLocalTime
GetModuleFileNameW
HeapFree
InterlockedIncrement
GetVersion
TlsFree
EnterCriticalSection
lstrcat
GetFileType
GetCurrentThreadId
InterlockedDecrement
InterlockedExchange
RtlUnwind
SetStdHandle
EnumCalendarInfoExW
GetComputerNameW
TlsAlloc
LoadLibraryA
CloseHandle
InitializeCriticalSection
VirtualAlloc
GetStartupInfoW
FindFirstFileExW
WideCharToMultiByte
GetCommandLineW
VirtualFree
TerminateProcess
DeleteCriticalSection
GetCurrentProcessId
SetEnvironmentVariableA
GetProcAddress
ReadConsoleOutputCharacterA
QueryPerformanceCounter
LCMapStringA
TlsGetValue
FlushFileBuffers
WaitForSingleObjectEx
LeaveCriticalSection
HeapReAlloc
GetConsoleTitleW
GetTimeZoneInformation
GetModuleFileNameA
VirtualQuery
WriteConsoleW
OpenMutexA
GetLastError
HeapAlloc
GetSystemTimeAsFileTime
ExitProcess
LCMapStringW
EnumResourceLanguagesW
TlsSetValue
GetStdHandle
GetNumberFormatW
CreateMutexA
GetStringTypeW
GetEnvironmentStringsW
SetLastError
GetEnvironmentStrings
GetSystemTime
FreeEnvironmentStringsA
CompareStringW
SetHandleCount
ReadFile
WriteConsoleInputA
GetStringTypeA
FreeEnvironmentStringsW
WriteFile
GetStartupInfoA
SetFilePointer
GetCurrentProcess
GetModuleHandleA
UnhandledExceptionFilter
GetCommandLineA
HeapDestroy
FindResourceA
WriteProfileSectionW
GetCPInfo
GetCurrentThread
MultiByteToWideChar
GetTickCount

comctl32

InitCommonControlsEx

user32

SendMessageTimeoutA
SetWindowTextW
OemToCharW
OpenClipboard
DlgDirListW
GetGUIThreadInfo
LoadMenuIndirectW
CreateWindowExA
RegisterClassA
RegisterClassExA
LockWindowUpdate
CreateIcon
CharLowerA

gdi32

UpdateICMRegKeyA
GetObjectType
GetObjectW
SetMetaRgn
GetLogColorSpaceW
SetArcDirection
SetAbortProc

advapi32

CryptGetDefaultProviderA
RegRestoreKeyW
LookupPrivilegeDisplayNameA
InitiateSystemShutdownW
GetUserNameA
CryptGetProvParam
CryptGetHashParam
CryptDuplicateHash
CryptGenKey
RegReplaceKeyA
CryptVerifySignatureA
RegEnumKeyA
RegConnectRegistryW
CryptDestroyKey
CryptGetDefaultProviderW
RegDeleteValueA
RegEnumValueW
CryptEnumProvidersW
LookupSecurityDescriptorPartsA

wininet

HttpSendRequestA
InternetCombineUrlA
InternetSetOptionW
UrlZonesDetach

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e8f857d8e7b5dededcc653850714962

Headers

File Characteristics

PDB Paths

Imports

kernel32

comctl32

user32

gdi32

advapi32

wininet

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 62KB - Virtual size: 74KB

.data Size: 103KB - Virtual size: 102KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 62KB - Virtual size: 74KB

.data
Size: 103KB - Virtual size: 102KB

.rsrc
Size: 16KB - Virtual size: 16KB