3e14d026452615ea34fcf31cea5251ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e14d026452615ea34fcf31cea5251ad_JaffaCakes118
Size

263KB
MD5

3e14d026452615ea34fcf31cea5251ad
SHA1

1442ac1bfe3c902f20101273d9ef9a1a96dd6105
SHA256

60d71d041bf37041b52febc981829970fcafcc40011b613df08480768badf0c7
SHA512

7fd2a276254cf4c12426412bc549d4029c21aa93a07708bf783e8a58afe2daf66a2e0f96e27f0d0f2ee9a41765de554c068e45bf8db5e6f81afc34184b0a5939
SSDEEP

6144:x7h6NsEIPLhVGoPp5if0VMURisSTKaecoRCJnJt:2NJIPLfr+FbWavoe7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e14d026452615ea34fcf31cea5251ad_JaffaCakes118

Files

3e14d026452615ea34fcf31cea5251ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5caaf5bb36e4708382c5ac5825d6514

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHFileOperationW
SHGetPathFromIDList
CheckEscapesW
SHLoadInProc

comdlg32

PrintDlgW
ReplaceTextW

user32

RegisterClassA
GetTopWindow
ShowWindow
RegisterClassExA
MessageBoxW
DdeReconnect
CreateWindowExA
RealGetWindowClass
LoadBitmapA
SetWindowPos

comctl32

InitCommonControlsEx

advapi32

RegSaveKeyW
RegDeleteValueA
CryptSetProviderW
RegEnumKeyA
CryptGetHashParam
RegSaveKeyA
CryptSetKeyParam
StartServiceA
RegLoadKeyW
CryptImportKey
RegOpenKeyExA
LookupPrivilegeDisplayNameA
CryptVerifySignatureA
RegNotifyChangeKeyValue
LookupPrivilegeDisplayNameW
CryptHashSessionKey
RegQueryValueW
CryptContextAddRef
CryptAcquireContextA
CryptEncrypt
CryptDeriveKey

gdi32

GetDeviceCaps
FixBrushOrgEx
EnumFontFamiliesW
DeleteDC
CreateEnhMetaFileA
DPtoLP
CheckColorsInGamut
ResetDCW
InvertRgn
CreateDCW
GetNearestPaletteIndex
SetBitmapDimensionEx
SetWindowOrgEx
EnumFontsW

kernel32

CloseHandle
FlushFileBuffers
SetFilePointer
LCMapStringA
GetTickCount
DeleteCriticalSection
FreeEnvironmentStringsA
LCMapStringW
InterlockedDecrement
GetFileAttributesA
GetStringTypeW
GetProcAddress
GetCurrentProcess
GetModuleFileNameA
ReadFile
GetEnvironmentStringsW
GetCommandLineA
TlsAlloc
CompareStringA
TlsFree
GetSystemTime
HeapCreate
EnumDateFormatsExA
EnumDateFormatsA
RtlUnwind
MultiByteToWideChar
GetCurrentThreadId
SetEnvironmentVariableA
CompareStringW
SetThreadAffinityMask
OpenMutexA
GetFileType
GetSystemTimeAsFileTime
RaiseException
WideCharToMultiByte
GetStdHandle
HeapReAlloc
QueryPerformanceCounter
WriteFile
InterlockedExchange
CreateMutexA
HeapAlloc
UnhandledExceptionFilter
ExitProcess
GetTimeZoneInformation
GetCPInfo
SetStdHandle
LeaveCriticalSection
GetLocalTime
HeapFree
SetCurrentDirectoryA
GetACP
GetOEMCP
GetCurrentProcessId
GetEnvironmentStrings
GetLastError
SetHandleCount
EnterCriticalSection
GetCurrentThread
VirtualFree
GetProfileStringA
TlsSetValue
InitializeCriticalSection
GetStringTypeA
GetStartupInfoA
SetLastError
TlsGetValue
FreeEnvironmentStringsW
VirtualAlloc
VirtualQuery
IsBadWritePtr
TerminateProcess
LoadLibraryA
GetModuleHandleA
GetVersion
HeapDestroy
InterlockedIncrement

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f5caaf5bb36e4708382c5ac5825d6514

Headers

File Characteristics

Imports

shell32

comdlg32

user32

comctl32

advapi32

gdi32

kernel32

Sections

.text Size: 140KB - Virtual size: 140KB

.rdata Size: 22KB - Virtual size: 48KB

.data Size: 86KB - Virtual size: 85KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 140KB - Virtual size: 140KB

.rdata
Size: 22KB - Virtual size: 48KB

.data
Size: 86KB - Virtual size: 85KB

.rsrc
Size: 13KB - Virtual size: 13KB