2e968534fb2cc024e1388fe6fe4226ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e968534fb2cc024e1388fe6fe4226ad_JaffaCakes118
Size

573KB
MD5

2e968534fb2cc024e1388fe6fe4226ad
SHA1

711df1f29477ab59628c2ac8c91142e0af9a5dc7
SHA256

af5f49de3a75e863ea05dce81ee4c3821cffd49562b5b05991e0dd0f5678a426
SHA512

10d9bac4216a9f86e7536f7d963bb30a99737b3024aaca3bef4fe3ab6eeab0bff6576d37d53c6d801c2b477ff8e5c5a307792adb81e46d0b199dfbddcebe1dbb
SSDEEP

12288:3jbRrPCc6utjQcP7gde+cqEhXaYAocIpxCYD5GmpnxEAMt:3jbRrPC0hQ6gdeqSa93IHl8mpnx3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e968534fb2cc024e1388fe6fe4226ad_JaffaCakes118

Files

2e968534fb2cc024e1388fe6fe4226ad_JaffaCakes118
.exe windows:5 windows x86 arch:x86

473491d85d2704730caf4237e9b467f1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA

user32

UpdateWindow
ShowWindow
ShowOwnedPopups
SendMessageA
PostMessageA
OemToCharBuffA
OemToCharA
MessageBoxA
LoadAcceleratorsW
LoadAcceleratorsA
GetMenu
GetDC
DispatchMessageA
DestroyWindow
DeleteMenu
CreateMDIWindowA
CopyImage
ChangeMenuA

ntdll

RtlUpperString
RtlxUnicodeStringToAnsiSize
ZwAccessCheckByTypeAndAuditAlarm
ZwCompleteConnectPort
ZwCreateWaitablePort
ZwEnumerateValueKey
ZwGetContextThread
ZwImpersonateAnonymousToken
RtlUpcaseUnicodeStringToOemString
RtlUnlockHeap
RtlTraceDatabaseAdd
RtlSetUserValueHeap
RtlSetTimer
RtlPinAtomInAtomTable
RtlMakeSelfRelativeSD
RtlImageRvaToVa
RtlImageDirectoryEntryToData
RtlFindLastBackwardRunClear
RtlFillMemory
NtWriteFile
NtSetDefaultUILanguage
NtQueueApcThread
NtLockFile
NtCallbackReturn
NtAreMappedFilesTheSame
LdrFindResourceDirectory_U
RtlNtStatusToDosError

kernel32

_lopen
_hwrite
WaitForMultipleObjectsEx
WaitForMultipleObjects
VirtualProtect
VerLanguageNameA
Thread32Next
SystemTimeToTzSpecificLocalTime
SetVolumeMountPointA
SetLastError
ResumeThread
ReadFileEx
PrepareTape
LocalReAlloc
LoadLibraryExW
IsProcessorFeaturePresent
IsBadStringPtrW
HeapAlloc
GlobalWire
GlobalUnWire
GlobalSize
GlobalMemoryStatusEx
GlobalGetAtomNameW
GlobalDeleteAtom
GetTickCount
GetTempPathA
GetSystemTimeAsFileTime
GetProcAddress
GetFileSize
GetDriveTypeA
GetCommandLineA
FindResourceA
FindClose
ExitProcess
EraseTape
EnumCalendarInfoW
DeleteTimerQueue
DeleteFileA
GetUserDefaultLangID
CreateJobObjectW
CreateIoCompletionPort
CopyFileW
CancelTimerQueueTimer
BuildCommDCBW
BeginUpdateResourceA
GlobalAddAtomW

userenv

GetAppliedGPOListW
LeaveCriticalPolicySection
RegisterGPNotification
UnregisterGPNotification
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock
EnterCriticalPolicySection

Exports

Exports

LUNrFdnwsY
ankgaOdSw
cotwldosqmmd
eEdnyTuWpqsuorx
iphxTIseucpNqykaCtm
kjqlbPIcxip
lmgkfhBlh
obipu
qgrnUKbrdiiKLyksp
vwpzesbw
wkxNnX

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 464KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

473491d85d2704730caf4237e9b467f1

Headers

File Characteristics

Imports

version

user32

ntdll

kernel32

userenv

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 56KB

.data Size: 464KB - Virtual size: 467KB

.rsrc Size: 51KB - Virtual size: 51KB

.text
Size: 56KB - Virtual size: 56KB

.data
Size: 464KB - Virtual size: 467KB

.rsrc
Size: 51KB - Virtual size: 51KB