2d676e0601c3abd64d28fa93baa4b242_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d676e0601c3abd64d28fa93baa4b242_JaffaCakes118
Size

227KB
MD5

2d676e0601c3abd64d28fa93baa4b242
SHA1

674f208a825a3869212a408c5e98520c2482ebd7
SHA256

a307feed2bcd821d5033ea264664e46c1ccef9124f845067a4d910623596b567
SHA512

c5f1061d66f08cd18e9b2097c7eb0b6c8c2e508ab4c16bb18e84a7d592c28ec335478e1eb086ab56585f26f5c241474e1a51d3b096b842167cb15635b4b49759
SSDEEP

3072:Cq4PLCzAmILbeHqgwDGFQXue5PbrAtS5KnGsS9WwDYTW4XGdCEDm45rG6BAUM+8:uuyLMqg2BpY+KtQBYa48eOhBO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d676e0601c3abd64d28fa93baa4b242_JaffaCakes118

Files

2d676e0601c3abd64d28fa93baa4b242_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b3e0654b96eac7f9a8631e2502acada6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
OpenProcess
MoveFileA
DeleteFileA
GetModuleFileNameA
GetCommandLineA
Sleep
GetLocalTime
MultiByteToWideChar
GetTickCount
GetCurrentThreadId
lstrlenW
lstrcmpiA
WideCharToMultiByte
RaiseException
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
MulDiv
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
DeleteCriticalSection
SetEvent
InterlockedDecrement
InitializeCriticalSection
IsProcessorFeaturePresent
InterlockedCompareExchange
ReadFile
GetProcessHeap
SetEndOfFile
LoadLibraryA
GetTempPathA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
CreateFileA
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
VirtualFree
HeapCreate
ExitProcess
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetConsoleMode
GetConsoleCP
WriteFile
GetStartupInfoA
HeapFree
CreateDirectoryA
RemoveDirectoryA
CreateMutexA
ExpandEnvironmentStringsA
lstrcpyA
lstrcatA
lstrlenA
GetFileAttributesExA
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
GetExitCodeProcess
GetProcAddress
CreateRemoteThread
GetLastError
CloseHandle
SetLastError
WaitForSingleObject
CreateThread
RtlUnwind
ExitThread
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
ResumeThread

user32

SetLayeredWindowAttributes
SetWindowPos
MessageBoxA
wsprintfA
LoadBitmapA
FillRect
IsWindowVisible
BringWindowToTop
TranslateMessage
DispatchMessageA
PeekMessageA
SetWindowLongA
ClientToScreen
MoveWindow
IsWindow
GetWindowRect
GetFocus
WindowFromPoint
GetForegroundWindow
GetCursorPos
GetWindowThreadProcessId
AttachThreadInput
FindWindowExA
DefWindowProcA
ShowWindow
GetWindowLongA
PostThreadMessageA
DestroyWindow
GetDlgItem
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
CreateAcceleratorTableA
GetDC
GetDesktopWindow
ReleaseDC
CharNextA
GetParent
GetClassNameA
RedrawWindow
IsChild
SetFocus
GetWindow
GetSysColor
DestroyAcceleratorTable
SendMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RegisterWindowMessageA
GetClassInfoExA
LoadCursorA
RegisterClassExA
EndPaint
BeginPaint
CallWindowProcA
GetClientRect
CreateWindowExA
UnregisterClassA

gdi32

CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetObjectA
GetDeviceCaps

advapi32

RegDeleteValueA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance

oleaut32

VariantClear
VariantInit
SysFreeString
LoadRegTypeLi
LoadTypeLi
SysStringLen
DispCallFunc
SysAllocString
SysAllocStringLen
OleCreateFontIndirect

shlwapi

PathGetArgsA
StrStrIW
StrToIntA
UrlUnescapeA
PathIsDirectoryA
PathRemoveBlanksA
PathRemoveFileSpecA
PathFindFileNameA
PathFileExistsA

ws2_32

htons
ioctlsocket
connect
select
__WSAFDIsSet
closesocket
send
recv
gethostbyname
WSAStartup
socket

netapi32

Netbios

psapi

EnumProcesses
GetModuleFileNameExA

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3e0654b96eac7f9a8631e2502acada6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

ws2_32

netapi32

psapi

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 17KB - Virtual size: 17KB