2f0ec9f83fc1b6a9c6044fd6234980f6_JaffaCakes118

General

Target

2f0ec9f83fc1b6a9c6044fd6234980f6_JaffaCakes118
Size

455KB
MD5

2f0ec9f83fc1b6a9c6044fd6234980f6
SHA1

be710bdb24fe2771aa7e4fef5dcaaf760527abb4
SHA256

2b3a7586846e4f98aa5bacc427677087dc5794a8aab5776381a1718943f97c81
SHA512

9639ffa0f6e001ad57f60f6e0edd31742cba74ef74aa1f0e6149924324dc145752e64c01c2e72e7c44d47fa8430fb7c36a2352784560a7709a254a54f6ac68d3
SSDEEP

6144:msAGURAWxMzd2lxtxw/K8CRSBWMi+GplF+ZtkvmR8aTG6KSoVQwH+XHFJuZ:EH3MSxwNCGdYlF+s086G6Xoyf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f0ec9f83fc1b6a9c6044fd6234980f6_JaffaCakes118

Files

2f0ec9f83fc1b6a9c6044fd6234980f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c500c6a474b96e10a70bef8149dd7a79

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AbortSystemShutdownW
RegCreateKeyExA
CreateServiceW
LookupSecurityDescriptorPartsW
RegQueryMultipleValuesW
RegEnumKeyA

shell32

RealShellExecuteExA
ExtractAssociatedIconExW
FindExecutableA
ExtractIconExA
SHFileOperationA
RealShellExecuteExW
ExtractAssociatedIconA
SHFileOperationW
ShellExecuteEx
DuplicateIcon
SHFileOperation
DoEnvironmentSubstW
FindExecutableW
SHGetDataFromIDListW
FreeIconList

gdi32

CreatePolyPolygonRgn
SetICMMode
LPtoDP
SetViewportOrgEx
GetTextCharacterExtra
GetColorAdjustment

user32

DefWindowProcW
SetShellWindow
GetAncestor
ScreenToClient
LoadCursorW
EnumDisplaySettingsExA
MapVirtualKeyW
DrawAnimatedRects
DdeGetLastError
TileWindows
SetCaretBlinkTime
ClipCursor
MessageBoxA
EndDeferWindowPos
EnumPropsA
MapVirtualKeyA
GetMenu
DdeSetUserHandle
GetAltTabInfo
ToUnicode
DdeQueryConvInfo
IntersectRect
GetMenuContextHelpId

kernel32

RtlFillMemory
HeapAlloc
RtlUnwind
WaitForMultipleObjectsEx
InterlockedExchange
GetModuleHandleA
CompareStringA
GetCurrentProcess
VirtualAlloc
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
GetTempPathW
SuspendThread
GetTempFileNameW
GetModuleFileNameW
LoadResource
GetTickCount
GetEnvironmentStrings
ExitProcess
CreateDirectoryW
HeapReAlloc
GetCurrentProcessId
TerminateProcess
GetModuleFileNameA
HeapFree
SetConsoleScreenBufferSize
QueryPerformanceCounter
CopyFileA
GetCurrentThreadId
lstrcmp
SetEndOfFile
LocalFlags
VirtualQuery

Sections

.text
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c500c6a474b96e10a70bef8149dd7a79

Headers

File Characteristics

Imports

advapi32

shell32

gdi32

user32

kernel32

Sections

.text Size: 178KB - Virtual size: 178KB

.data Size: 268KB - Virtual size: 268KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 178KB - Virtual size: 178KB

.data
Size: 268KB - Virtual size: 268KB

.rsrc
Size: 7KB - Virtual size: 6KB