32a6f8fce82934eeaaba9982fcba2a8a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

32a6f8fce82934eeaaba9982fcba2a8a_JaffaCakes118
Size

402KB
MD5

32a6f8fce82934eeaaba9982fcba2a8a
SHA1

c8381721ef2b6ee6044dc7abb54f7019d4705e7b
SHA256

df0c3a147e234a3982ff9daf03dd4fcfed88e9ca20b3f1852c907db0b7b8ca9d
SHA512

38adbb3d2a3c1f4165f9c3cb8d247fc99ef029b9c8b15ecd1a89f332e0c192cce8b112e3fd5f8430aa3398aeecc03e407eec3d74676698eea5771ae5f6bc59e6
SSDEEP

12288:5thldc4eE1nEhHhKlMJqfnoL0mx/YEABffCI3:e0ZfoLXEBnr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32a6f8fce82934eeaaba9982fcba2a8a_JaffaCakes118

Files

32a6f8fce82934eeaaba9982fcba2a8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e4e798fbaa45830b82846d917375b8c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetClipRgn
SetMetaFileBitsEx
CreateDIBPatternBrush
GetCharABCWidthsW
AbortDoc
GetArcDirection
GetTextExtentExPointW
UpdateColors
FlattenPath
GetRasterizerCaps
GetStockObject
SetArcDirection
SetGraphicsMode
SetPixelFormat
ResetDCA
SaveDC
SetPixelV
IntersectClipRect
SetSystemPaletteUse
CreateBrushIndirect
CancelDC
SetEnhMetaFileBits
AbortPath
DrawEscape
CombineRgn

shell32

DragQueryFileA
SHBrowseForFolder
ExtractAssociatedIconW
DragFinish
RealShellExecuteExW
RealShellExecuteA
FreeIconList
SheSetCurDrive
CommandLineToArgvW
SHGetInstanceExplorer
SHGetFileInfoA
DragQueryPoint
DuplicateIcon

wininet

UnlockUrlCacheEntryStream
GopherFindFirstFileA
UnlockUrlCacheEntryFile
InternetSetOptionExW
FtpGetCurrentDirectoryW
FtpOpenFileA
InternetSetOptionW
InternetGoOnline
GopherGetLocatorTypeA
InternetHangUp
IncrementUrlCacheHeaderData
SetUrlCacheHeaderData
FindNextUrlCacheContainerA
RetrieveUrlCacheEntryStreamA
FtpCreateDirectoryA
InternetConnectW
GopherGetAttributeA
InternetConfirmZoneCrossingW
InternetQueryFortezzaStatus

advapi32

RegReplaceKeyA
CryptDestroyKey
RegQueryMultipleValuesW
LookupAccountNameA
LookupAccountSidW
RegNotifyChangeKeyValue
CryptExportKey
CryptHashData
RegOpenKeyW
CryptAcquireContextW
RegDeleteKeyA
RegSetKeySecurity
RegConnectRegistryW
CryptSignHashW
CryptGetDefaultProviderW
RegQueryValueExA
DuplicateToken
CryptGetDefaultProviderA
LookupPrivilegeNameW
RegOpenKeyExW
CryptEnumProviderTypesA
CryptImportKey
RegOpenKeyExA

kernel32

HeapFree
ExitProcess
GetCurrentThreadId
GetProcAddress
VirtualAlloc
GetTickCount
SetConsoleTitleW
GetCurrentProcessId
GetModuleHandleA
GetLogicalDrives
GetACP
GetModuleFileNameA
GetPrivateProfileStringA
LoadLibraryA
GetCalendarInfoW
SleepEx
HeapReAlloc
ReadConsoleOutputCharacterW
CopyFileA
GetStdHandle
VirtualQuery
RtlUnwind
TerminateProcess
GetTempFileNameW
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcess
QueryPerformanceCounter
HeapAlloc

comdlg32

GetFileTitleW
ReplaceTextW
GetOpenFileNameA
ChooseColorW
PageSetupDlgA
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameW
PrintDlgW
GetSaveFileNameW
PageSetupDlgW
ReplaceTextA
ChooseColorA
ChooseFontW
LoadAlterBitmap
FindTextA
FindTextW

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e798fbaa45830b82846d917375b8c5

Headers

File Characteristics

Imports

gdi32

shell32

wininet

advapi32

kernel32

comdlg32

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 264KB - Virtual size: 263KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 264KB - Virtual size: 263KB

.rsrc
Size: 6KB - Virtual size: 6KB