2dbbc8b5c90934a8727da2f9d6a3c2cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dbbc8b5c90934a8727da2f9d6a3c2cb_JaffaCakes118
Size

506KB
MD5

2dbbc8b5c90934a8727da2f9d6a3c2cb
SHA1

71d97374d22e85db9c72f86b9ef4dd80cc2157a4
SHA256

8781f31b51693a8b1a80f97e656667a3a1a3bb2ca81f5c868d4c0f56a13d6e72
SHA512

43bf2dde20e77fb64e6d6151b843dcfa5c1fc1fd0c2b10636118a7b8bee90c378b594cacb11481c25c0b468735e7c2e56c723a70c9d041c162426e1af5cfd8f6
SSDEEP

12288:w2xSdAH1ar41tL1csDiRUzfnWaneCt3z4XQlFUHZ:w1dAH11tL1FDkUDWTCt3zq4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dbbc8b5c90934a8727da2f9d6a3c2cb_JaffaCakes118

Files

2dbbc8b5c90934a8727da2f9d6a3c2cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5034470574c6d7a205b1125277b5fae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FlashWindow
RegisterClassExA
RegisterClassA
FillRect

shell32

SHGetPathFromIDListW
SheChangeDirA

comctl32

InitCommonControlsEx

advapi32

RegSetValueExW
CryptVerifySignatureW
CryptGetDefaultProviderA
RegOpenKeyW
InitiateSystemShutdownW
CryptGetKeyParam
RegDeleteKeyW
LookupPrivilegeValueW
LookupPrivilegeValueA
DuplicateTokenEx

kernel32

GetEnvironmentStringsW
GetLocaleInfoW
CommConfigDialogW
EnumSystemLocalesW
WideCharToMultiByte
InterlockedDecrement
SetStdHandle
FreeLibrary
GetStartupInfoA
TlsGetValue
GlobalAddAtomA
SetEnvironmentVariableA
GetConsoleMode
GetModuleFileNameW
SetConsoleTextAttribute
GetEnvironmentVariableW
TlsAlloc
CompareStringW
MultiByteToWideChar
GetUserDefaultLCID
IsValidCodePage
GetModuleFileNameA
CloseHandle
SetConsoleCtrlHandler
GetLastError
VirtualAlloc
RtlUnwind
EnterCriticalSection
SetLastError
HeapAlloc
FlushFileBuffers
TlsFree
TlsSetValue
OpenMutexW
SetUnhandledExceptionFilter
LCMapStringW
UnhandledExceptionFilter
SetFilePointer
FindResourceExW
GetCurrentThreadId
EnumSystemLocalesA
GetOEMCP
VirtualProtectEx
GetFileType
LoadLibraryA
GetConsoleOutputCP
GetCPInfo
GetACP
DeleteCriticalSection
GetStringTypeW
GetModuleHandleW
GetUserDefaultLangID
HeapCreate
GetDateFormatA
GetTimeZoneInformation
OpenFileMappingW
InitializeCriticalSectionAndSpinCount
TerminateProcess
WriteConsoleA
SetThreadLocale
GetStdHandle
HeapFree
GetConsoleScreenBufferInfo
ReadFile
IsDebuggerPresent
GetCurrentThread
IsValidLocale
CreateMutexA
InterlockedIncrement
GetTimeFormatA
GetTickCount
HeapDestroy
ExitProcess
GetLocaleInfoA
GetLongPathNameW
GetStringTypeA
QueryPerformanceCounter
CompareStringA
HeapReAlloc
GetCurrentProcessId
InterlockedExchange
GetCommandLineW
LCMapStringA
SetHandleCount
GetModuleHandleA
LeaveCriticalSection
VirtualQuery
GetStartupInfoW
FreeEnvironmentStringsW
GetProcAddress
VirtualFree
GetSystemTimeAsFileTime
GetCurrentProcess
Sleep
HeapSize
WriteConsoleW
GetCommandLineA
WriteFile
CreateFileA
GetConsoleCP
OpenMutexA

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5034470574c6d7a205b1125277b5fae

Headers

File Characteristics

Imports

user32

shell32

comctl32

advapi32

kernel32

Sections

.text Size: 168KB - Virtual size: 168KB

.rdata Size: 10KB - Virtual size: 22KB

.data Size: 315KB - Virtual size: 314KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 168KB - Virtual size: 168KB

.rdata
Size: 10KB - Virtual size: 22KB

.data
Size: 315KB - Virtual size: 314KB

.rsrc
Size: 11KB - Virtual size: 11KB