3cf3b6048d6dbb3278bcbce17d99ddd0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cf3b6048d6dbb3278bcbce17d99ddd0_JaffaCakes118
Size

532KB
MD5

3cf3b6048d6dbb3278bcbce17d99ddd0
SHA1

be37b2057dcccd0de6a1eb9d18a75698901f8011
SHA256

ff4f0b03922a72720f2b6de655d7f67816f52f1e02ae65a4373176849047fe95
SHA512

69cb5a04a1f1519660a2cedd632befed109b3f0dd96b01edfc95b9323ee9dc5c9b252a66ae8722e487dc6a846eed8a521316e5c9c01804130bff8f56b852041a
SSDEEP

12288:HldBIgUSKgBJQruSsRIj8b5Co5Zh4SkyyituGpcKj:fSgjJeuSmAo5IxituPK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cf3b6048d6dbb3278bcbce17d99ddd0_JaffaCakes118

Files

3cf3b6048d6dbb3278bcbce17d99ddd0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d00786b6aadcd242413f2367590ec05f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\oeewtqezn\oveuse\teno

Imports

kernel32

SetFilePointer
FreeEnvironmentStringsW
Sleep
InterlockedIncrement
GetCommandLineA
CreateWaitableTimerA
GetSystemTimeAsFileTime
GetProcAddress
GetCurrentProcessId
GetFileType
OpenMutexA
VirtualFree
SetUnhandledExceptionFilter
TlsAlloc
GetConsoleCP
SetHandleCount
GetStdHandle
SetConsoleCtrlHandler
GetConsoleOutputCP
GetCurrentThreadId
TlsFree
GetModuleFileNameA
GetVersionExA
GetUserDefaultLCID
GetConsoleMode
IsValidLocale
RtlUnwind
QueryPerformanceCounter
VirtualAlloc
SetStdHandle
GetLastError
GetCPInfo
IsDebuggerPresent
GetCurrentThread
InitializeCriticalSection
GetStringTypeA
SetLastError
GetCurrentProcess
GetEnvironmentStringsW
GetLocaleInfoA
CreateMutexW
GetOEMCP
TlsSetValue
HeapFree
CreateMutexA
SleepEx
ExitProcess
InterlockedExchange
TlsGetValue
GetACP
CompareStringW
WriteFileEx
SetEnvironmentVariableA
GetTimeZoneInformation
GetDateFormatA
GetFileAttributesExW
GetWindowsDirectoryW
SetConsoleTextAttribute
VirtualQuery
GetPrivateProfileStringW
IsValidCodePage
EnterCriticalSection
LocalLock
GetProcessHeap
UnhandledExceptionFilter
LCMapStringA
InterlockedDecrement
CreateFileA
GetLocaleInfoW
HeapDestroy
FreeEnvironmentStringsA
FreeLibrary
HeapAlloc
CompareStringA
GetTickCount
FlushFileBuffers
LCMapStringW
GetThreadTimes
DeleteCriticalSection
WideCharToMultiByte
GetEnvironmentStrings
GetTimeFormatA
GetModuleHandleA
EnumSystemLocalesA
WriteConsoleA
GetStartupInfoA
WriteConsoleW
MultiByteToWideChar
TerminateProcess
LoadLibraryA
ReadFile
HeapReAlloc
WriteFile
CloseHandle
HeapLock
HeapCreate
LeaveCriticalSection
GetStringTypeW
LoadResource
HeapSize
GetNumberFormatA

shell32

SheChangeDirA
SHGetFileInfo
SHAppBarMessage
DragQueryFile

user32

SendIMEMessageExW
EndDialog
RegisterClassA
RegisterClassExA
DragObject
TileWindows
DrawFocusRect
RemovePropA

advapi32

RegQueryInfoKeyA
LookupPrivilegeNameW
InitializeSecurityDescriptor
CryptDeriveKey
AbortSystemShutdownW
CryptDestroyKey
RegSetValueExA
RegSetValueW
CryptReleaseContext
CryptExportKey
CryptGetKeyParam
CreateServiceA
CryptEnumProviderTypesA
LookupAccountNameA
CryptGetDefaultProviderA
RegDeleteValueA
RegQueryInfoKeyW
RegSetValueExW
CryptSetHashParam

wininet

InternetConnectA
FtpCreateDirectoryW
SetUrlCacheEntryGroupA
InternetShowSecurityInfoByURL
UnlockUrlCacheEntryFile
FindFirstUrlCacheEntryExA
InternetReadFileExA
InternetOpenUrlA

gdi32

CancelDC
StrokePath
CreateColorSpaceA
MoveToEx
GetLogColorSpaceW
GetICMProfileW
SetDIBitsToDevice
LineDDA
FillRgn
GetBkColor
GetWindowExtEx
DescribePixelFormat
GetCharWidth32W
RemoveFontResourceW
GetEnhMetaFileA
PolyBezier
AbortPath
GetRegionData
Chord
PathToRegion
SelectObject
CreateDCA

comctl32

InitCommonControlsEx

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00786b6aadcd242413f2367590ec05f

Headers

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

advapi32

wininet

gdi32

comctl32

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 37KB - Virtual size: 47KB

.data Size: 107KB - Virtual size: 106KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 37KB - Virtual size: 47KB

.data
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 13KB - Virtual size: 13KB