Static task: static1
Behavioral task: behavioral1
Sample: 2d36e492cb7382093ba4d69f18de9d04_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2d36e492cb7382093ba4d69f18de9d04_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2d36e492cb7382093ba4d69f18de9d04_JaffaCakes118
Size: 336KB
MD5: 2d36e492cb7382093ba4d69f18de9d04
SHA1: ae3b112dbc120e6338ed7d2b6d87abb119274559
SHA256: 600fe2e9376a1e11efd491ad7ef3aa74aa608235023085765632678f42890a61
SHA512: 4eb38fd81a72248d7487d73908c164b82df41d2f5d435d49c0b67b20155f401c29b28492d3d600daa5a5d5a9bb69a833b32675476a4acdd38a52fa73e4d70259
SSDEEP: 6144:IQyEt0Nmh+/Hu7n0MfLlq8nW6hqIRffULwAYigtnhUw1LEJP:3tnh+/HuI0LlqtyVeHdghLWP
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource 2d36e492cb7382093ba4d69f18de9d04_JaffaCakes118
Files
2d36e492cb7382093ba4d69f18de9d04_JaffaCakes118.exe windows:4 windows x86 arch:x86
05abc12fb38e1ee37b368cf0d9e68844
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEnvironmentVariableA
DeleteFiber
GetACP
SwitchToFiber
GetFileInformationByHandle
GlobalAddAtomA
lstrcmpA
FindResourceExA
LocalReAlloc
FindNextChangeNotification
WriteConsoleOutputW
FileTimeToLocalFileTime
GetLongPathNameA
CreateEventA
GetLargestConsoleWindowSize
VirtualProtect
GetVersionExA
DebugBreak
GetTempFileNameA
CreateWaitableTimerA
CopyFileExW
EnumResourceNamesA
GetCurrentProcess
WriteFile
SetErrorMode
GetUserDefaultLangID
GetCurrentDirectoryW
IsProcessorFeaturePresent
ReadConsoleOutputA
GetDateFormatA
GetOEMCP
GetNumberFormatW
IsBadWritePtr
GetFullPathNameA
CreateDirectoryW
CreateFileW
GetTimeZoneInformation
_lread
GlobalFree
ExitProcess
SetLastError
SetSystemTime
GetModuleFileNameW
GetShortPathNameA
GetCommandLineA
user32
CopyRect
IsDialogMessageA
LookupIconIdFromDirectory
CreateIcon
WaitMessage
MessageBoxW
SendMessageA
OpenDesktopW
FindWindowExW
mouse_event
AppendMenuA
GetClientRect
EndDialog
gdi32
ChoosePixelFormat
GetTextFaceW
comdlg32
ChooseFontW
PageSetupDlgW
GetOpenFileNameW
GetSaveFileNameW
advapi32
LookupPrivilegeValueA
CryptVerifySignatureW
GetSecurityInfo
RegDeleteKeyW
CryptCreateHash
SetEntriesInAclW
RegEnumKeyExW
LogonUserW
InitiateSystemShutdownA
ImpersonateLoggedOnUser
ReportEventA
GetServiceKeyNameW
CryptGetKeyParam
LookupAccountNameA
LookupPrivilegeDisplayNameA
CryptEncrypt
CreateServiceW
InitializeSid
SetThreadToken
shell32
DragQueryPoint
ExtractIconExW
FindExecutableW
SHGetPathFromIDListA
ole32
OleLockRunning
oleaut32
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayPutElement
VariantChangeType
SysStringLen
comctl32
ImageList_GetImageCount
ImageList_DragShowNolock
ImageList_DragMove
ImageList_BeginDrag
shlwapi
SHCopyKeyA
PathIsPrefixW
PathStripToRootA
SHSetThreadRef
SHDeleteKeyA
UrlGetPartW
StrChrA
PathIsFileSpecA
PathCombineW
PathIsUNCA
PathQuoteSpacesA
StrCmpIW
PathCanonicalizeW
PathRemoveFileSpecA
PathGetDriveNumberA
PathRelativePathToW
setupapi
SetupGetIntField
SetupOpenAppendInfFileW
SetupFindFirstLineA
Sections
.text Size: 280KB - Virtual size: 279KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE