2e6cb19140232a02f50d9cbcffd8c617_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2e6cb19140232a02f50d9cbcffd8c617_JaffaCakes118
Size

352KB
MD5

2e6cb19140232a02f50d9cbcffd8c617
SHA1

39966c78b21f2b4031850014e705aa2312ee8b29
SHA256

34cd32dff36fb826d218da736c75fd2e4bf8f6ef06e97bd1a9c175bd1eebb6b8
SHA512

edd1594306dfcd2054f5646376dcf661dc0aa7a65d83313d19c5a682aebce26b841aba82132923556ea84a4b3f3027e5a1efd1ecffcc463ba74600453fd78493
SSDEEP

6144:y6/baYJSjZLRuwLS/lJvhLgodeTVtYx2zCx663qRinM:y8baz/u+g3LgHTVy2zC3n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e6cb19140232a02f50d9cbcffd8c617_JaffaCakes118

Files

2e6cb19140232a02f50d9cbcffd8c617_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57623903ce302f3b6061622f63755f01

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\gwnxm.PDB

Imports

comdlg32

ChooseColorA
GetOpenFileNameA

wininet

SetUrlCacheEntryGroupW
InternetTimeToSystemTime
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetTimeToSystemTimeW
GetUrlCacheEntryInfoW

user32

AttachThreadInput
ChildWindowFromPoint
RemovePropA
GetActiveWindow
SetWindowRgn
CreateDesktopW
SetWindowLongW
wvsprintfA
RegisterWindowMessageA
RegisterClassA
GetKeyboardType
GetParent
EnumThreadWindows
BeginDeferWindowPos
PeekMessageW
GetKBCodePage
DlgDirListComboBoxA
GetCaretPos
GetKeyNameTextA
LoadAcceleratorsW
ValidateRect
CharNextW
DefWindowProcA
DrawTextExW
SetClassWord
DdeUninitialize
FlashWindowEx
UnregisterHotKey
WinHelpW
GetMenuCheckMarkDimensions
GetNextDlgGroupItem
DdeCreateStringHandleW
DdeCreateDataHandle
DrawTextW
DrawIcon
CharPrevA
DdeDisconnectList
GetPropW
DdeConnect
ScrollWindow
SetThreadDesktop
RegisterClassW
SetWindowTextW
SetActiveWindow
DestroyWindow
DdeGetLastError
DrawStateW
GetWindowLongA
KillTimer
CreateWindowExW
MessageBoxW
ArrangeIconicWindows
DlgDirListA
ChangeMenuW
CreatePopupMenu
ShowWindow
DlgDirSelectComboBoxExA
GetClassInfoExW
SetWindowPlacement
DestroyMenu
CascadeChildWindows
EnumDisplayDevicesW
SetCursorPos
TileWindows
CreateAcceleratorTableA
CharLowerA
IsZoomed
TrackPopupMenu
ToUnicodeEx
IsCharAlphaW
GetInputState
RegisterClassExA

comctl32

ImageList_AddIcon
ImageList_DragShowNolock
DrawStatusTextA
InitCommonControlsEx
ImageList_Replace

kernel32

GetCurrentThreadId
HeapCreate
TlsFree
GetCurrentThread
SetLastError
UnhandledExceptionFilter
GetDriveTypeA
GetSystemInfo
LeaveCriticalSection
GetModuleFileNameA
GetACP
EnumSystemLocalesA
GetCurrentProcess
GetStdHandle
GetSystemDefaultLangID
RtlUnwind
TlsAlloc
GetVersionExA
VirtualFree
GetOEMCP
VirtualUnlock
IsBadWritePtr
MultiByteToWideChar
GetCommandLineA
CompareStringW
FindFirstFileExA
WriteProfileStringW
FlushFileBuffers
IsValidLocale
GetStartupInfoA
VirtualProtect
HeapReAlloc
InterlockedExchange
lstrlenW
RemoveDirectoryW
IsValidCodePage
LCMapStringW
ReadFile
GlobalUnfix
VirtualAllocEx
VirtualQuery
HeapFree
GetCPInfo
WideCharToMultiByte
SetThreadLocale
TerminateProcess
SetStdHandle
GetVolumeInformationW
SetHandleCount
GetEnvironmentStringsW
CreateMutexA
GetStringTypeA
InitializeCriticalSection
ExitProcess
SetFilePointer
GetLocaleInfoW
GetCurrentProcessId
GetStringTypeW
DeleteCriticalSection
SetEnvironmentVariableA
GetProcAddress
CompareStringA
OpenSemaphoreW
TlsGetValue
GetSystemTimeAsFileTime
WriteFile
HeapDestroy
FreeEnvironmentStringsW
lstrcpynW
GetLastError
SetConsoleTextAttribute
HeapSize
CreateDirectoryExW
GetFileType
LoadLibraryA
CloseHandle
TlsSetValue
lstrcpyn
GetTimeFormatA
SetCurrentDirectoryW
GetTickCount
TransactNamedPipe
VirtualAlloc
lstrcmpA
QueryPerformanceCounter
GetModuleHandleA
GetEnvironmentStrings
LCMapStringA
GetTimeZoneInformation
HeapAlloc
GetDateFormatA
FoldStringA
EnumResourceLanguagesA
OpenMutexA
EnterCriticalSection
GetUserDefaultLCID
ExpandEnvironmentStringsA
GetLocaleInfoA
FreeEnvironmentStringsA

shell32

SHGetDataFromIDListW
DoEnvironmentSubstW
DuplicateIcon
DragFinish

advapi32

LookupAccountSidW
CryptSignHashW
CreateServiceW
GetUserNameA
RegDeleteValueA
InitiateSystemShutdownA
RegCreateKeyA

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57623903ce302f3b6061622f63755f01

Headers

File Characteristics

PDB Paths

Imports

comdlg32

wininet

user32

comctl32

kernel32

shell32

advapi32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 92KB - Virtual size: 102KB

.rsrc Size: 36KB - Virtual size: 34KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 92KB - Virtual size: 102KB

.rsrc
Size: 36KB - Virtual size: 34KB