2ead46c436f25cfd1e4aded9d904b6b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ead46c436f25cfd1e4aded9d904b6b8_JaffaCakes118
Size

636KB
MD5

2ead46c436f25cfd1e4aded9d904b6b8
SHA1

0912b5188d316db4bd251d59bb1865999413a60e
SHA256

d4545c38060431c58eb84a02d480a567789fb3124b5da4162b1f2bdefc4ad22e
SHA512

8019be3d25cce7f58cf20a4c57d8062ae2e4b999a3a910519df7017f4a7e2518447f004e741b5371c819fea0b39097efac9cd0f4d17f9c3a369796b262c22435
SSDEEP

12288:5cyT7Ismdz5rGlCUVyO+3iXXcVltBGR2AkH4b9t/Hv:5cyTMHd1ECUVz+3MX+3IQs7H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ead46c436f25cfd1e4aded9d904b6b8_JaffaCakes118

Files

2ead46c436f25cfd1e4aded9d904b6b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

02856d285c1e48701ec399cc014462c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\hoe\oyoegehcc.pdb

Imports

comctl32

ImageList_EndDrag
ImageList_DragMove
ImageList_SetBkColor
ImageList_LoadImage
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_SetDragCursorImage
ImageList_SetOverlayImage
InitMUILanguage
ImageList_AddIcon
DrawStatusTextW
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_DragEnter
ImageList_Duplicate
ImageList_LoadImageW
ImageList_GetFlags
CreateToolbarEx
ImageList_GetIcon
ImageList_GetBkColor
DrawInsert
CreateStatusWindowW
ImageList_GetImageRect

user32

CallWindowProcA
SetWindowWord
EnumDisplaySettingsExA
TileWindows
GetMessagePos
DialogBoxParamA
ShowWindow
DdeConnectList
DefMDIChildProcA
ReuseDDElParam
EnumDesktopWindows
TabbedTextOutW
DestroyWindow
DdeUnaccessData
GetParent
SendIMEMessageExA
CreateDialogParamW
MessageBoxExW
UnhookWindowsHook
EnumClipboardFormats
RegisterClassA
CreateIconFromResource
RealGetWindowClass
DragObject
OemToCharW
DlgDirSelectExA
EnumPropsA
RegisterClassExA
DrawMenuBar
LoadMenuW
GetKeyboardLayoutNameW
MessageBoxW
SetFocus
GetKeyNameTextA
CreateWindowExA
GetCapture
DefWindowProcW
FreeDDElParam
EnumThreadWindows
CreateIconIndirect
SetMessageQueue

kernel32

DeleteAtom
RtlFillMemory
DeleteCriticalSection
VirtualQueryEx
FreeEnvironmentStringsA
CloseHandle
GetStartupInfoA
TlsAlloc
GlobalLock
EnterCriticalSection
GlobalSize
EnumTimeFormatsA
GetLocaleInfoA
RtlUnwind
GetPrivateProfileSectionNamesA
ReleaseMutex
GetCurrentThread
LeaveCriticalSection
SetCurrentDirectoryW
VirtualFree
GetModuleHandleA
FindClose
SetConsoleTitleW
GetOEMCP
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
IsBadWritePtr
GetLastError
CreatePipe
CreateFileMappingW
EnumResourceLanguagesA
GetProcessHeap
InterlockedIncrement
UnhandledExceptionFilter
GetProfileSectionW
GetCommandLineA
GetFullPathNameA
IsValidLocale
GetCurrentProcess
CreateFileMappingA
HeapFree
GetEnvironmentStrings
CreateMutexA
CreateFileW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
HeapDestroy
GetFileTime
GetEnvironmentStringsW
GetTimeZoneInformation
GetCurrentThreadId
WriteConsoleOutputW
GetModuleFileNameW
QueryPerformanceCounter
WriteConsoleOutputCharacterA
ReadFileEx
SetUnhandledExceptionFilter
GetLocaleInfoW
WriteFile
GetComputerNameA
IsValidCodePage
GetProcAddress
GetCPInfo
InterlockedExchange
GetConsoleOutputCP
GetProfileIntW
CreateNamedPipeA
GetLogicalDriveStringsA
TlsSetValue
SleepEx
SetStdHandle
AddAtomW
GetStdHandle
SetEnvironmentVariableA
GetModuleFileNameA
WideCharToMultiByte
GetVersionExA
OpenMutexA
LockFileEx
FindResourceExW
GetCalendarInfoW
LoadLibraryA
WriteConsoleW
Sleep
OpenEventW
GetSystemDirectoryA
SetWaitableTimer
GetStringTypeA
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetPriorityClass
GetCompressedFileSizeW
GetDiskFreeSpaceA
HeapAlloc
ReadConsoleOutputCharacterA
WriteConsoleA
ReadFile
CompareStringW
GetFileType
GetACP
InterlockedDecrement
SetFilePointer
TerminateProcess
CreateEventA
GetTimeFormatA
SetConsoleTitleA
VirtualQuery
TlsGetValue
LCMapStringW
InitializeCriticalSection
FlushFileBuffers
HeapCreate
SetSystemTime
HeapSize
GlobalFlags
GetLocalTime
VirtualAlloc
CompareStringA
FindNextChangeNotification
EnumResourceNamesW
GetConsoleCP
GetUserDefaultLCID
CreateFileA
GetCurrentProcessId
FreeEnvironmentStringsW
FlushViewOfFile
IsDebuggerPresent
MapViewOfFile
lstrcmpiW
ExpandEnvironmentStringsA
HeapReAlloc
SetEvent
SetLastError
GetProcessAffinityMask
GetPrivateProfileSectionNamesW
AddAtomA
ExitProcess
ConvertDefaultLocale
GetConsoleMode
GetDateFormatA
SuspendThread
WriteFileEx
SetHandleCount
WriteConsoleOutputAttribute
GetTickCount
EnumSystemLocalesA
FoldStringW
MoveFileExA
GetStringTypeW
LCMapStringA
GetSystemTimeAsFileTime
TlsFree
LoadLibraryExA
SetComputerNameW
GetProcessShutdownParameters

advapi32

RegSaveKeyA
LookupAccountNameW
RegReplaceKeyA
CryptCreateHash
RegOpenKeyExA
CryptGetKeyParam
RegOpenKeyW
RegDeleteValueW
RegCreateKeyExA
StartServiceW
RegConnectRegistryA
RegEnumValueW
CryptReleaseContext
RegConnectRegistryW
CryptHashSessionKey
CryptAcquireContextW
RegEnumKeyExA
RegSetValueW

comdlg32

GetOpenFileNameA
PageSetupDlgA
ReplaceTextA
GetSaveFileNameA

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02856d285c1e48701ec399cc014462c6

Headers

File Characteristics

PDB Paths

Imports

comctl32

user32

kernel32

advapi32

comdlg32

Sections

.text Size: 164KB - Virtual size: 163KB

.rdata Size: 264KB - Virtual size: 262KB

.data Size: 108KB - Virtual size: 123KB

.rsrc Size: 96KB - Virtual size: 95KB

.text
Size: 164KB - Virtual size: 163KB

.rdata
Size: 264KB - Virtual size: 262KB

.data
Size: 108KB - Virtual size: 123KB

.rsrc
Size: 96KB - Virtual size: 95KB