2fceaab4d2f77e4e321130d7c13764e1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fceaab4d2f77e4e321130d7c13764e1_JaffaCakes118
Size

213KB
MD5

2fceaab4d2f77e4e321130d7c13764e1
SHA1

67e50773a07281bc3b616a9695d58dca4cc944a4
SHA256

78ad88d90b7be0504aa97e796e712084cfa8e29316e73c801fbf99d3c4cb80ba
SHA512

f768b9d1da042014698c1ed0d3a8dcb41ac14aee3d7f1cae5aa393e636abbed37083b2fdfec9fa6ed4baa0cf74e064a0b9fcb51ed9161036db5bd1e0ed2b722c
SSDEEP

3072:M4vaLHDozLYDQCpQr53V6NJGA0IsST1bBxWXkXRGqQsdwlUVS76Jj1cryQQR7+ya:ZvaLjBDQf534NcuL3xWIIPDccruRyj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fceaab4d2f77e4e321130d7c13764e1_JaffaCakes118

Files

2fceaab4d2f77e4e321130d7c13764e1_JaffaCakes118
.exe windows:5 windows x64 arch:x64

3e0b1bf4b3bde97c10069690dac39ef9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tapi32

lineGetCountryW
lineGetTranslateCapsW

shlwapi

StrCatW
StrCmpW
StrStrIW
StrRChrW
StrTrimW
StrPBrkW
StrCmpNIW
PathMakeSystemFolderW
StrCmpIW
StrChrW
StrCpyNW
StrCpyW

kernel32

GetStringTypeW
LocalFree
FormatMessageW
GetLastError
GetLocaleInfoW
SetEnvironmentVariableW
GetPrivateProfileStringW
GetFileAttributesW
ExpandEnvironmentStringsW
GetPrivateProfileSectionW
GetGeoInfoW
GetEnvironmentVariableW
GetModuleFileNameW
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
FindClose
FindFirstFileW
WritePrivateProfileStringW
CloseHandle
GetCurrentProcess
CopyFileW
MultiByteToWideChar
lstrlenW
LocalAlloc
GetUserGeoID
lstrlenA
CreateProcessW
WaitForSingleObject
GetCurrentDirectoryW
CreateDirectoryW
GetPrivateProfileIntW
GlobalFree
GlobalAlloc
FindNextFileW
WriteFile
CreateFileW
EnumUILanguagesW
GetProcAddress
GetModuleHandleW
GetUserDefaultLangID
GlobalMemoryStatus
GetVersionExW
GetTimeFormatW
GetDateFormatW
GetLocalTime
SetCurrentDirectoryW
GetLongPathNameW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleOutputCP
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleA
GetUserDefaultUILanguage
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
FreeEnvironmentStringsW
CreateFileA
GetSystemTimeAsFileTime
ReadFile
SetEndOfFile
WriteConsoleW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
DeleteCriticalSection
GetFileType
WideCharToMultiByte
HeapFree
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetCurrentProcessId

user32

GetSystemMetrics

advapi32

RegQueryValueExW
RegLoadKeyW
RegUnLoadKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteW
SHChangeNotify
SHFileOperationW
ShellExecuteExW
SHGetFolderPathW
SHSetLocalizedName

ole32

StringFromCLSID
CLSIDFromProgID
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoCreateGuid

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�W
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e0b1bf4b3bde97c10069690dac39ef9

Headers

DLL Characteristics

File Characteristics

Imports

tapi32

shlwapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 7KB - Virtual size: 26KB

.pdata Size: 6KB - Virtual size: 6KB

�W Size: 4KB - Virtual size: 3KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 7KB - Virtual size: 26KB

.pdata
Size: 6KB - Virtual size: 6KB

�W
Size: 4KB - Virtual size: 3KB