2d0807223a48b022f9a338fc6cb0b496_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d0807223a48b022f9a338fc6cb0b496_JaffaCakes118
Size

244KB
MD5

2d0807223a48b022f9a338fc6cb0b496
SHA1

b23ce1f1ae45af2b19f98e0bbc1bc9d3ab7c2887
SHA256

1d2b38e99eca0f637b529cb1247777855f461e8f79d4c875e51a99c356c9de11
SHA512

b9783d585abc473b1d2d120d324417ee3f61095d11b7e567f4451ee6d6559caf8f23d900c162af3a0fa2b9a018d3a6b25bef8cb06eeb7a06a49a2316f9a46ac7
SSDEEP

6144:q3WiboRn45nDl+DHcceVe7IzhYAjwG7anWM/9FHZ5gAF0:q3WiboZ45DcDFuwGiY6WiHjPF0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d0807223a48b022f9a338fc6cb0b496_JaffaCakes118

Files

2d0807223a48b022f9a338fc6cb0b496_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8eab44c4184877ebb8edc3a9d1832ba4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
SetErrorMode
lstrcmpiW
_lread
QueryDosDeviceA
VirtualQuery
lstrcmpiA
GlobalGetAtomNameW
SetSystemTime
IsBadReadPtr
GetEnvironmentVariableW
VirtualProtect
CreateIoCompletionPort
GetCommandLineA
GlobalFlags
GetFullPathNameA
GetShortPathNameA
SetMailslotInfo
LocalLock
AreFileApisANSI
WritePrivateProfileStructA
SetConsoleActiveScreenBuffer
GetCurrentProcess
OpenMutexA
_llseek
SetConsoleWindowInfo
GetHandleInformation
WaitNamedPipeA
FormatMessageA
GetDiskFreeSpaceW
SetStdHandle
EnumCalendarInfoA
ReadFile
GetVersionExA
ExitProcess
VirtualAlloc
InitializeCriticalSection

user32

SetRectEmpty
RemovePropW
GetLastActivePopup
EnumDisplayMonitors
EndMenu
IsCharAlphaA
EnumDisplayDevicesA
ShowCursor
GetMessageExtraInfo
CreateDialogIndirectParamA
InsertMenuA
DrawCaption
FlashWindow
GetDlgItemTextW
DrawStateW
GetMonitorInfoW
CreateIconFromResource
ScreenToClient

gdi32

GetEnhMetaFileDescriptionA
GetTextExtentExPointA
ExcludeClipRect
GetCharWidthW
EnumFontsA

comdlg32

PageSetupDlgW

advapi32

GetServiceDisplayNameW
GetSidLengthRequired
RegOpenKeyA
RegRestoreKeyW
RegSaveKeyA
RegDeleteKeyA
SetEntriesInAclW
NotifyBootConfigStatus
RegRestoreKeyA
AddAccessDeniedAce
NotifyChangeEventLog

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetSpecialFolderPathA

ole32

OleSetMenuDescriptor
CoGetTreatAsClass
OleRegGetMiscStatus
StgSetTimes
WriteClassStg
CoReleaseServerProcess
MkParseDisplayName

oleaut32

QueryPathOfRegTypeLi
SafeArrayRedim
LoadTypeLibEx
SysStringLen

comctl32

ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_SetIconSize
ImageList_SetDragCursorImage

shlwapi

PathUnquoteSpacesW
SHDeleteKeyA
SHCopyKeyA
PathRemoveExtensionW
StrCatW
StrCatBuffA
StrStrIW
SHGetValueW
StrDupW
PathFindFileNameW
SHEnumValueW
SHRegCloseUSKey
PathIsDirectoryA
PathCanonicalizeW
UrlApplySchemeW
PathIsRootA
PathQuoteSpacesA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8eab44c4184877ebb8edc3a9d1832ba4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 232KB - Virtual size: 229KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 232KB - Virtual size: 229KB