2d0cc8c5cba0ea3c2f3e8fefcf5ed658_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d0cc8c5cba0ea3c2f3e8fefcf5ed658_JaffaCakes118
Size

773KB
MD5

2d0cc8c5cba0ea3c2f3e8fefcf5ed658
SHA1

4629f6e45e74e2dec9f3d7a6fc529a225a6e6244
SHA256

87e4b626f4f6cd6d16137536d3100a287f68afe0e38c7329e6d31ec53b24bc42
SHA512

09a6c7c1679328543f88286519af0f7a7affeed1f34865fdc368b827ad4e206221489a3ef7cdbc5801f9418ecd017aba18a87afdab0c478749762dec8f2f2840
SSDEEP

24576:dz0hLzKZfgRt6mXGzjvD78lMZxS9oIOx:tKKZfyjXGzjvfsMoOx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d0cc8c5cba0ea3c2f3e8fefcf5ed658_JaffaCakes118

Files

2d0cc8c5cba0ea3c2f3e8fefcf5ed658_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97b9b2445d6c02b345f7c7980192be1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
CryptGenRandom
LookupPrivilegeNameW
CryptVerifySignatureA
RegOpenKeyExW
CryptDestroyHash
RegQueryInfoKeyA
CryptSignHashW
CryptDecrypt
RegReplaceKeyA
RegRestoreKeyW
RegSetValueExA
RegSetValueW
CryptEnumProvidersA
RegCloseKey
LookupSecurityDescriptorPartsW
CryptAcquireContextW
CryptDeriveKey
LookupAccountNameW
CryptAcquireContextA
StartServiceW
CryptEnumProviderTypesA
RegQueryMultipleValuesA
CryptEnumProviderTypesW

comctl32

CreateMappedBitmap
ImageList_LoadImageW
CreateToolbar
InitCommonControlsEx
ImageList_GetDragImage
ImageList_Duplicate
ImageList_BeginDrag
CreatePropertySheetPage
ImageList_LoadImageA
ImageList_DrawIndirect
ImageList_GetImageRect
DrawStatusTextA
ImageList_Merge
ImageList_SetDragCursorImage
ImageList_Draw
ImageList_DragLeave
ImageList_DragEnter
ImageList_Add
DrawStatusTextW
ImageList_LoadImage
CreatePropertySheetPageA
ImageList_Remove
ImageList_GetBkColor
ImageList_SetBkColor

user32

GetClipboardOwner
RegisterClassExA
GetFocus
CopyAcceleratorTableW
RegisterClassA

wininet

FtpGetCurrentDirectoryW
FindNextUrlCacheEntryA
InternetCreateUrlW
ShowCertificate
FindFirstUrlCacheEntryA
FindFirstUrlCacheContainerA

kernel32

GetStringTypeA
GetOEMCP
GetDateFormatA
ReadFile
TerminateProcess
ExitProcess
LCMapStringW
GetConsoleOutputCP
IsDebuggerPresent
DeleteCriticalSection
GetProcessHeap
GetProcAddress
FreeEnvironmentStringsA
GetTickCount
SetHandleCount
GetEnvironmentStringsW
InitializeCriticalSection
TlsFree
SetLastError
GetFileType
HeapCreate
VirtualFree
TlsAlloc
HeapFree
GetCurrentThreadId
GetLastError
InterlockedDecrement
SetConsoleCtrlHandler
Sleep
GetCurrentProcessId
CloseHandle
HeapDestroy
GetCurrentProcess
GetTimeFormatA
GetTimeZoneInformation
InterlockedIncrement
HeapReAlloc
SetStdHandle
OpenMutexA
IsValidLocale
SetFilePointer
GetWindowsDirectoryA
GetLocaleInfoW
LeaveCriticalSection
RtlUnwind
GetEnvironmentStrings
GetACP
CompareStringA
GetVersionExA
WriteConsoleA
GetStdHandle
SetFileAttributesW
SetUnhandledExceptionFilter
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
VirtualQuery
HeapSize
HeapAlloc
LoadLibraryA
LCMapStringA
GetCPInfo
EnterCriticalSection
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateMutexA
RtlFillMemory
GetStartupInfoA
IsValidCodePage
GetConsoleCP
GetModuleHandleA
UnhandledExceptionFilter
TlsGetValue
GetStringTypeW
InterlockedExchange
FlushFileBuffers
CreateFileA
WriteFile
RtlMoveMemory
WriteConsoleW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetSystemTimeAsFileTime
TlsSetValue
GetConsoleMode
GetCommandLineA
SetVolumeLabelA
FreeLibrary
VirtualAlloc
EnumSystemLocalesA
GetCurrentThread

shell32

CommandLineToArgvW
SHGetDataFromIDListW
SHFileOperationW
DragQueryFileA

Sections

.text
Size: 573KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97b9b2445d6c02b345f7c7980192be1e

Headers

File Characteristics

Imports

advapi32

comctl32

user32

wininet

kernel32

shell32

Sections

.text Size: 573KB - Virtual size: 572KB

.rdata Size: 56KB - Virtual size: 64KB

.data Size: 123KB - Virtual size: 120KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 573KB - Virtual size: 572KB

.rdata
Size: 56KB - Virtual size: 64KB

.data
Size: 123KB - Virtual size: 120KB

.rsrc
Size: 20KB - Virtual size: 20KB