2f40ce58b99a2a2c98e0b4d2ee52bcaa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f40ce58b99a2a2c98e0b4d2ee52bcaa_JaffaCakes118
Size

56KB
MD5

2f40ce58b99a2a2c98e0b4d2ee52bcaa
SHA1

0ea18a1c2c3950a8e04927be0ea3cb9ece9037fb
SHA256

d4c0fae4dd5452d9c372b9fd268e8f24ae45b2024074f9888d52bdc824c1df18
SHA512

61c32a7243c5e488f53b453cb569ddc0c54258c46e496159da4e219c4969b5a6d53a0aebb94064e949991029b1c6c3e7258171319635972229d48e84951abf31
SSDEEP

768:PfVW47Y2cWL533ZyvGtEF/42sEjvSaMV4854TJyIN:P9L7Y5uHzeF/tjvndJyI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f40ce58b99a2a2c98e0b4d2ee52bcaa_JaffaCakes118

Files

2f40ce58b99a2a2c98e0b4d2ee52bcaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b0b5e8bb96a074ee00b2069450d46206

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
IsTextUnicode

kernel32

lstrlenW
FormatMessageA
lstrcpyA
lstrlenA
WriteFile
GetLastError
WriteConsoleW
WideCharToMultiByte
ExitProcess
MultiByteToWideChar
GetStdHandle
GetCommandLineW
GetVersionExA
GetFileType
GetCPInfo
GetACP
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCommandLineA
GetFullPathNameA
GetFullPathNameW
GetModuleHandleA
GetPrivateProfileStringA
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetModuleFileNameA
GetModuleFileNameW
lstrcmpiA
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
ReadFile
CloseHandle
SetEvent
CreateThread
CreateEventA
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetProcAddress
LoadLibraryA
UnmapViewOfFile
CreateFileW
CreateFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
HeapReAlloc

user32

RegisterClassA
CharToOemBuffA
wsprintfA
GetActiveWindow
GetClassInfoA
CreateWindowExA
GetMessageA
GetWindowLongA
SetWindowLongA
PostQuitMessage
SetTimer
DefWindowProcA
GetParent
IsWindowVisible
KillTimer
EnumThreadWindows
SendMessageA
PostMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage
DispatchMessageA
LoadStringW
LoadStringA
wsprintfW

ole32

CoCreateInstance
MkParseDisplayName
CLSIDFromString
CoGetClassObject
CLSIDFromProgID
CreateBindCtx
CoInitialize
CoUninitialize

oleaut32

SafeArrayGetElement
SafeArrayDestroy
VariantChangeType
LoadTypeLi
SysAllocStringByteLen
VariantInit
VariantCopy
VariantClear
SysAllocString
LoadRegTypeLi
SysFreeString
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
SysStringLen
SafeArrayCreate
SafeArrayGetUBound
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetLBound

urlmon

CreateURLMoniker

imm32

ImmGetDefaultIMEWnd

version

VerQueryValueA
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA

msvcrt

_ftol

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0b5e8bb96a074ee00b2069450d46206

Headers

File Characteristics

Imports

advapi32

kernel32

user32

ole32

oleaut32

urlmon

imm32

version

msvcrt

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 800B

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 800B

.rsrc
Size: 28KB - Virtual size: 28KB