Static task: static1
Behavioral task: behavioral1
Sample: 2d1c9e888b9176cb9157cbb64bb64a6c_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 2d1c9e888b9176cb9157cbb64bb64a6c_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2d1c9e888b9176cb9157cbb64bb64a6c_JaffaCakes118
Size: 320KB
MD5: 2d1c9e888b9176cb9157cbb64bb64a6c
SHA1: b9135c6f6ae17a8a88f6ad53f3036c58f4f9be3a
SHA256: a8cf319379ad8f63612d23a3344457456984ac4a44d694887f474bcc9ef6beef
SHA512: f43f073731bb11757d878e8458f693cc41dbcadb1b6922e997be73349975c8de0a360d2cae4cd5e545fe387d415ecabb7b02a5430bc2e09a9f96352f10cf1ef0
SSDEEP: 6144:swSUEvdUDxkky99+EZJe7zkieXCbMqslwDrCAz1xNbv:OUd6++JeRUCAnlwNzp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d1c9e888b9176cb9157cbb64bb64a6c_JaffaCakes118
Files
2d1c9e888b9176cb9157cbb64bb64a6c_JaffaCakes118.exe windows:4 windows x86 arch:x86
36858737c8887b31d216ad4671e253de
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ScrollConsoleScreenBufferA
VirtualAlloc
VirtualProtect
GetVersionExA
GetPrivateProfileSectionW
CopyFileExW
LocalAlloc
MoveFileW
GetTempFileNameA
EnumResourceNamesA
ExitProcess
GetProfileStringA
ClearCommBreak
EnumTimeFormatsW
lstrcpyA
FormatMessageA
InitializeCriticalSection
TlsGetValue
GetFileAttributesA
UnhandledExceptionFilter
LoadResource
_lopen
SetMailslotInfo
FindCloseChangeNotification
VirtualQueryEx
GetConsoleCursorInfo
CreateDirectoryExA
VirtualUnlock
FindNextChangeNotification
SetConsoleTitleA
QueryDosDeviceA
EndUpdateResourceA
lstrcmpiW
GlobalAddAtomW
GetCommState
GetCPInfo
GetCompressedFileSizeW
UnmapViewOfFile
DebugBreak
MultiByteToWideChar
_hread
LocalReAlloc
GetCommandLineA
FreeEnvironmentStringsA
user32
GetSysColor
gdi32
DeleteMetaFile
ExtTextOutW
SetPixelV
GetOutlineTextMetricsW
EnumFontsA
CreatePatternBrush
GetObjectA
EnumEnhMetaFile
GetBkColor
CreateCompatibleBitmap
GetCharWidthW
GetStockObject
comdlg32
ReplaceTextW
ChooseColorA
GetSaveFileNameA
PageSetupDlgW
advapi32
AccessCheck
CryptAcquireContextW
LogonUserW
RegCreateKeyExW
RegSetValueW
PrivilegeCheck
RegQueryInfoKeyA
ImpersonateNamedPipeClient
RegEnumKeyExW
GetSecurityInfo
IsTextUnicode
GetSidSubAuthority
AccessCheckAndAuditAlarmA
QueryServiceConfigA
GetFileSecurityA
RegGetKeySecurity
SetServiceStatus
MapGenericMask
CreateServiceA
BuildSecurityDescriptorW
GetCurrentHwProfileW
DeregisterEventSource
RegSetValueExA
InitiateSystemShutdownA
RegUnLoadKeyA
RegOpenKeyA
DuplicateTokenEx
DestroyPrivateObjectSecurity
CryptGetKeyParam
GetTokenInformation
CreateProcessAsUserW
LogonUserA
OpenThreadToken
RegUnLoadKeyW
InitializeAcl
shell32
SHAddToRecentDocs
ShellExecuteA
ole32
OleRegGetUserType
GetRunningObjectTable
OleGetIconOfClass
ReadClassStg
CoRegisterMallocSpy
CoCreateInstance
GetClassFile
ReadFmtUserTypeStg
CoImpersonateClient
CoSwitchCallContext
oleaut32
SysFreeString
SafeArrayGetElement
SafeArrayCreate
QueryPathOfRegTypeLi
SetErrorInfo
SysAllocStringLen
SafeArrayPutElement
comctl32
ImageList_SetIconSize
Sections
.text Size: 300KB - Virtual size: 296KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE