2fdfb9e8f9e3886896901a5830cf8bd8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2fdfb9e8f9e3886896901a5830cf8bd8_JaffaCakes118
Size

379KB
MD5

2fdfb9e8f9e3886896901a5830cf8bd8
SHA1

d17c9dba10027a33cb2be0132af43dd050be3a59
SHA256

227c3d545a0764e22a9addafb02264ef4e9247e7df7435bb46c86f79d9aaad31
SHA512

eea0a75fbcf31fa7ee116dd867639c5f4befdf9039b972747904ddf628efa38b8066656b351a25ab02b74ec38d2c6450c0defb5874401de2c0c0adfea51abe1a
SSDEEP

6144:YHcvIPt6Bg0W64k/RwzpOEkcYfeztr1eL2gP/QmMQLjK2GTiHR5KHa/Fh3lty1W9:fvc6B1h/Gze3eBrFgP/QQ3+0Fh3ZZVOb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fdfb9e8f9e3886896901a5830cf8bd8_JaffaCakes118

Files

2fdfb9e8f9e3886896901a5830cf8bd8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f16e661705538c76cec507c476dfe261

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

WinHelpW
ActivateKeyboardLayout
DdeAbandonTransaction
NotifyWinEvent
SetMenuDefaultItem
GetSubMenu
LoadCursorA
DefFrameProcW
MessageBoxIndirectA
GetMonitorInfoW
LoadStringA
DdeKeepStringHandle
DialogBoxParamA
MonitorFromWindow
ImpersonateDdeClientWindow
ShowOwnedPopups
WINNLSEnableIME

wininet

FindNextUrlCacheContainerA
CreateUrlCacheContainerW
FindFirstUrlCacheContainerA
FindFirstUrlCacheGroup
ReadUrlCacheEntryStream
InternetGetCertByURLA
RetrieveUrlCacheEntryFileA
DeleteUrlCacheEntryA
HttpQueryInfoA
HttpSendRequestA
FtpDeleteFileW
InternetSetDialStateW
FtpRemoveDirectoryW
FtpPutFileEx
GetUrlCacheEntryInfoExW
InternetSetDialState
InternetGetLastResponseInfoW

advapi32

StartServiceA
RegQueryValueExA
RegCreateKeyExW
CryptSetProvParam
DuplicateToken
RegEnumKeyA
CryptGetKeyParam
RegConnectRegistryA
ReportEventA
CryptSignHashW

comdlg32

FindTextA
PageSetupDlgW
ReplaceTextA
GetSaveFileNameW
GetOpenFileNameW

kernel32

SetConsoleCtrlHandler
EnterCriticalSection
RtlUnwind
FlushViewOfFile
InterlockedExchange
GetModuleHandleA
VirtualUnlock
GetCurrentProcess
TlsFree
LoadLibraryA
MultiByteToWideChar
GetProcAddress
UnhandledExceptionFilter
EnumSystemLocalesA
HeapCreate
FindResourceExA
GetLogicalDriveStringsA
SetLastError
GetLastError
ExitProcess
GetFileType
GetConsoleOutputCP
GetEnvironmentStringsW
SetConsoleTitleW
GetModuleFileNameA
HeapFree
HeapDestroy
GetEnvironmentStrings
CreateFileA
IsBadWritePtr
InitializeCriticalSection
InterlockedExchangeAdd
GetProcessAffinityMask
AddAtomW
TlsGetValue
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualQuery
CreatePipe
EnumResourceNamesW
VirtualFree
GetProcessShutdownParameters
TerminateProcess
GetModuleFileNameW
GetCommandLineW
HeapAlloc
CreateFileW
GetLocaleInfoA
LockResource
SetThreadIdealProcessor
FreeEnvironmentStringsA
GetStartupInfoA
GetCurrentProcessId
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
QueryPerformanceCounter
GetVersion
FreeEnvironmentStringsW
GetStartupInfoW
GetCurrentThread
ReadFileEx
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
TlsAlloc
WriteFile
VirtualAlloc
SetHandleCount
GetStdHandle
GetExitCodeThread
CreateNamedPipeW
GetTickCount

shell32

SHGetSpecialFolderPathA
FreeIconList
SHGetFileInfo
CommandLineToArgvW
SHAddToRecentDocs
ShellExecuteW

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f16e661705538c76cec507c476dfe261

Headers

File Characteristics

Imports

user32

wininet

advapi32

comdlg32

kernel32

shell32

Sections

.text Size: 107KB - Virtual size: 106KB

.data Size: 265KB - Virtual size: 271KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 107KB - Virtual size: 106KB

.data
Size: 265KB - Virtual size: 271KB

.rsrc
Size: 6KB - Virtual size: 5KB