Static task
static1
Behavioral task
behavioral1
Sample
2c499302b25f44e1b6b261ded124e700_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
2c499302b25f44e1b6b261ded124e700_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2c499302b25f44e1b6b261ded124e700_JaffaCakes118
Size
288KB
MD5
2c499302b25f44e1b6b261ded124e700
SHA1
ccbb594e07c94bf335216326761c387e19021a9f
SHA256
e68aeba5822e7c4ed36224946a509e1790ac7858aff84f09d6de9cc51dc662bc
SHA512
21043af75d2616bb581864687d5fb3806a360499c29616931397b8b4fd3c45b4d1012f58b5960e68d3e0861d1b60ecd07151ab4a05131a72be696d47d8953233
SSDEEP
6144:SULrJNfOMQfkdg9ih7p+nvwvgUlnTfdYsiHHmYFujAxTgTuhKNI1Er9y:t/fO999ElvniNFu/ON1
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 2c499302b25f44e1b6b261ded124e700_JaffaCakes118
Files
2c499302b25f44e1b6b261ded124e700_JaffaCakes118.exe windows:4 windows x86 arch:x86
aa04c1f826d3d69608e9a1bf6fa919db
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
VirtualProtect
GetTapeParameters
SizeofResource
MultiByteToWideChar
SetConsoleOutputCP
LoadResource
ExitProcess
SetHandleCount
GetHandleInformation
GetCPInfo
OutputDebugStringA
CreateEventA
_hread
CreateProcessA
ReleaseMutex
GetEnvironmentStringsW
FormatMessageW
GlobalFree
DuplicateHandle
FindFirstFileExW
GetModuleFileNameW
GenerateConsoleCtrlEvent
GetDateFormatA
SetEnvironmentVariableW
GetCommandLineA
VirtualAlloc
GetShortPathNameA
user32
MenuItemFromPoint
GetDialogBaseUnits
IsCharAlphaNumericW
IsChild
WaitMessage
gdi32
SetStretchBltMode
CreateDIBPatternBrushPt
PlayEnhMetaFile
GetDCOrgEx
comdlg32
ChooseColorA
GetSaveFileNameA
advapi32
ChangeServiceConfigA
RegDeleteKeyW
ImpersonateLoggedOnUser
LookupAccountNameW
QueryServiceObjectSecurity
StartServiceA
SetSecurityDescriptorGroup
RegQueryInfoKeyW
GetAclInformation
BuildTrusteeWithSidW
SetSecurityDescriptorOwner
EnumDependentServicesW
ObjectDeleteAuditAlarmW
AddAce
RegOpenKeyA
CryptAcquireContextW
CryptSetProvParam
RegSetValueExW
GetSidIdentifierAuthority
CryptCreateHash
ReportEventW
CryptEncrypt
ChangeServiceConfigW
SetServiceObjectSecurity
RegEnumValueA
OpenServiceW
RegCreateKeyW
LookupAccountSidA
LookupPrivilegeDisplayNameA
RegReplaceKeyW
SetFileSecurityW
CreateServiceA
AccessCheckAndAuditAlarmA
RegOpenKeyExA
RegNotifyChangeKeyValue
SetServiceStatus
BuildTrusteeWithNameW
SetEntriesInAclA
LockServiceDatabase
shell32
DragFinish
SHFileOperationA
FindExecutableA
SHGetDesktopFolder
ole32
OleLockRunning
OleInitialize
CoLockObjectExternal
GetRunningObjectTable
CoMarshalInterThreadInterfaceInStream
CreateOleAdviseHolder
OleSetContainedObject
oleaut32
LoadTypeLi
LoadTypeLibEx
SysStringLen
comctl32
ImageList_LoadImageW
shlwapi
StrChrA
StrCmpNIW
StrDupA
PathAppendA
StrStrIA
Sections
.text Size: 236KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 44KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE