2ca5e01cd052b0046639453af02bc51a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ca5e01cd052b0046639453af02bc51a_JaffaCakes118
Size

436KB
MD5

2ca5e01cd052b0046639453af02bc51a
SHA1

6a058bad50183d49d8f559b02aa5c40ad283a123
SHA256

676d796da432d5d13f2cef111309a6c572970dac87bf5051a725f1dd3f9f2c75
SHA512

6637d8bf14558a33a50d13e79e6b82b85e7aa9b016e647c52a1cb3b93fd02a6c53004663f5a3f4cc1630728536324c5939f4e78147a2310108c32f2044a04c06
SSDEEP

6144:Z0XiDxJZZQ2CAMIc5bzST6j6nK006vQoQ2XI+GumW0OKWnQLX:KCle2qsTY6iaQkIzuDFQLX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca5e01cd052b0046639453af02bc51a_JaffaCakes118

Files

2ca5e01cd052b0046639453af02bc51a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb8f702d01a5d1295709885672b8118f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoW
GetCommandLineW
TlsAlloc
GetACP
RtlUnwind
HeapSize
FreeEnvironmentStringsW
GetCurrentProcess
GetTimeZoneInformation
VirtualAlloc
TlsSetValue
SetHandleCount
HeapReAlloc
GetStringTypeA
VirtualAllocEx
GetStdHandle
GetFileType
TlsGetValue
GetModuleFileNameA
GetLocaleInfoA
HeapDestroy
ExitProcess
GetOEMCP
HeapCreate
IsValidCodePage
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetEnvironmentStringsW
LCMapStringW
QueryPerformanceCounter
CreateFileA
WriteFile
EnterCriticalSection
VirtualProtect
GetCurrentThreadId
GetEnvironmentStrings
HeapAlloc
GetSystemInfo
HeapFree
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentProcessId
FreeEnvironmentStringsA
InitializeCriticalSection
GetVersionExA
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetDateFormatA
GetStartupInfoA
IsBadWritePtr
GetLastError
SetEnvironmentVariableA
TlsFree
CompareStringA
GetCPInfo
GetModuleHandleA
ReadFileEx
GetModuleFileNameW
EnumSystemLocalesA
GetLogicalDriveStringsW
VirtualFree
DeleteCriticalSection
CompareStringW
GetCurrentThread
IsValidLocale
GetProcAddress
GetStartupInfoW
GetStringTypeW
GetCommandLineA
SetLastError
InterlockedExchange
LeaveCriticalSection
TerminateProcess
GetTimeFormatA
VirtualQuery
MultiByteToWideChar

advapi32

CryptHashData
RegCreateKeyA
CryptDecrypt
LookupPrivilegeDisplayNameA
RegCreateKeyW
CryptCreateHash
StartServiceW
InitializeSecurityDescriptor
CryptEnumProviderTypesW
RegCreateKeyExW
LookupPrivilegeValueW
RegRestoreKeyA
CryptDestroyHash

wininet

DeleteUrlCacheEntry
InternetGoOnlineA
GopherCreateLocatorW
InternetFortezzaCommand
InternetGetCertByURL
InternetGetConnectedStateEx
InternetCreateUrlW
InternetGetConnectedStateExA
InternetReadFile

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb8f702d01a5d1295709885672b8118f

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

Sections

.text Size: 150KB - Virtual size: 149KB

.data Size: 276KB - Virtual size: 301KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 150KB - Virtual size: 149KB

.data
Size: 276KB - Virtual size: 301KB

.rsrc
Size: 9KB - Virtual size: 9KB