Static task: static1
Behavioral task: behavioral1
Sample: 3c042064df59e7a0d147539124a91d7f_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3c042064df59e7a0d147539124a91d7f_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3c042064df59e7a0d147539124a91d7f_JaffaCakes118
Size: 59KB
MD5: 3c042064df59e7a0d147539124a91d7f
SHA1: 0048ec9aecb34ac8dabcbf59f728b2880aeb61b7
SHA256: 964b4459d9a3d4fea6bff33eeca100b879759af6dedad8e3873590b7fee5da72
SHA512: d835241ee6f964ce0f54fb802e182c21a9de494c3276f161e844c00b6c5ae67703be411fed1c2f44a38cee5e3733ab3fb98263fa4b1c7a4ad9f3313fc9184e28
SSDEEP: 1536:rgF2U5i7NWWgMt9X6EEG06iecVCHY0VvJ:rggX7NWW7X6fG0nX0Vx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c042064df59e7a0d147539124a91d7f_JaffaCakes118
Files
3c042064df59e7a0d147539124a91d7f_JaffaCakes118.exe windows:4 windows x86 arch:x86
657ad0fe6751c59593f2806b1b1b482b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
GetOldestEventLogRecord
CryptSetHashParam
SetNamedSecurityInfoA
CancelOverlappedAccess
RegCreateKeyExA
ObjectCloseAuditAlarmA
ReadEventLogA
GetFileSecurityA
SetEntriesInAuditListA
CryptGetKeyParam
RegOpenKeyExA
RegQueryValueExA
CryptEnumProvidersA
RegGetKeySecurity
CryptGetProvParam
OpenThreadToken
SetEntriesInAclA
RegNotifyChangeKeyValue
CryptSetProviderA
RegCloseKey
RegSetValueExA
ClearEventLogA
CryptHashData
BuildExplicitAccessWithNameA
GetOverlappedAccessResults
GetAuditedPermissionsFromAclA
DestroyPrivateObjectSecurity
CryptDecrypt
OpenSCManagerA
ChangeServiceConfigA
GetKernelObjectSecurity
AddAuditAccessAce
CryptDuplicateHash
GetNamedSecurityInfoA
RegQueryInfoKeyA
NotifyChangeEventLog
ImpersonateNamedPipeClient
ObjectOpenAuditAlarmA
RegSetKeySecurity
CryptContextAddRef
BuildSecurityDescriptorA
RegLoadKeyA
EnumDependentServicesA
GetAce
RegSaveKeyA
OpenServiceA
SetNamedSecurityInfoExA
user32
GetListBoxInfo
EndDialog
DrawIconEx
DdeGetData
DeleteMenu
ChangeDisplaySettingsExA
GetKeyNameTextA
DefFrameProcA
ScrollWindow
DestroyIcon
CreateIconFromResourceEx
CallMsgFilter
MessageBeep
CreateDialogIndirectParamA
CloseClipboard
CreatePopupMenu
GetClipboardSequenceNumber
GetWindowRect
DdeSetUserHandle
UnpackDDElParam
EnumWindows
BlockInput
IsCharAlphaNumericA
CountClipboardFormats
GetInputDesktop
PostMessageA
GetScrollInfo
SetSysColorsTemp
ToAsciiEx
TranslateMDISysAccel
InvalidateRect
SetWindowsHookExA
IsClipboardFormatAvailable
SwapMouseButton
CharToOemA
SetMenuInfo
DdeConnectList
SendNotifyMessageA
HiliteMenuItem
LoadMenuA
SetWindowRgn
ArrangeIconicWindows
FillRect
shlwapi
UrlCombineA
Sections
.lql Size: 22KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.wzql Size: 5KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.foxsl Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gxit Size: 27KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ