5b2a144f2989b50106d006888cd6b0e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b2a144f2989b50106d006888cd6b0e3_JaffaCakes118
Size

445KB
MD5

5b2a144f2989b50106d006888cd6b0e3
SHA1

a69b6a9c7fcd34b55b5c2cf8f5ef3a45cc9f154d
SHA256

b198712b0e92be86956b2ab21246a2982d8b4915325018e276c677369e14425f
SHA512

1705a4cef3fcddc16259470522b04622916d46241b56e7cb447d66dc0ae696c1fbd8567d9dc53ed1008632fb5cd68cfece2d254d82e80e54e0498a8769e96968
SSDEEP

6144:ReRtYEQ7bSuHUmphbAPr7IKfqXbpsYaKep1Co3gN1pddyE/e4OXeXiudE1ImP306:ojWPPDMnNjiepse+DnhOXArdE1ImM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b2a144f2989b50106d006888cd6b0e3_JaffaCakes118

Files

5b2a144f2989b50106d006888cd6b0e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c21bf114ea5640caea8dc29b8493962c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetUserKey
RegRestoreKeyA
RegEnumKeyA
CryptSetProviderExA
CryptCreateHash
CryptGetDefaultProviderW
LookupAccountSidW
RegOpenKeyExW
RegConnectRegistryA
RegCreateKeyW
RegQueryMultipleValuesA
RegSetKeySecurity
RegRestoreKeyW
LookupAccountSidA
LookupSecurityDescriptorPartsW
CryptGenKey
RegEnumKeyW
CryptDestroyHash
CryptReleaseContext
ReportEventA
LogonUserA
RegSetValueExW
RegCreateKeyExW

gdi32

GetKerningPairsA
RoundRect
CreateHatchBrush
Arc
ExtTextOutA
EnumFontFamiliesW
GetPolyFillMode
SetTextAlign
GetGlyphOutlineA
SetMetaFileBitsEx
CreateMetaFileA
GetCurrentPositionEx
CreatePolyPolygonRgn
StretchDIBits
StartDocW
GetBrushOrgEx
GetColorSpace
AddFontResourceW

shell32

ExtractIconEx
DragQueryFileA
SHBrowseForFolderA
SHQueryRecycleBinA
SheChangeDirA
ExtractIconW
SHEmptyRecycleBinA
ExtractAssociatedIconA
SHFileOperation
SheChangeDirExW
ExtractAssociatedIconExA
SHFreeNameMappings
FindExecutableW
DoEnvironmentSubstW

comdlg32

FindTextW
PageSetupDlgA
PrintDlgA

kernel32

VirtualQuery
LCMapStringW
VirtualFree
CompareStringW
FreeResource
TlsSetValue
TerminateProcess
EnumSystemLocalesA
GetLocaleInfoW
DeleteCriticalSection
HeapDestroy
GetModuleHandleW
GetEnvironmentStringsA
LockResource
GetStdHandle
SetUnhandledExceptionFilter
GetProcAddress
DeleteFileW
HeapSize
GetFileType
InterlockedIncrement
GetStringTypeA
GetACP
HeapCreate
FreeEnvironmentStringsA
WriteFile
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcess
GetTickCount
ExitProcess
Sleep
GetLocaleInfoA
GetModuleHandleA
IsValidLocale
MoveFileA
SetEnvironmentVariableA
GetCPInfo
HeapAlloc
CreateFileW
IsValidCodePage
EnterCriticalSection
GetCurrentThread
HeapReAlloc
MultiByteToWideChar
SetHandleCount
FreeLibrary
GetStartupInfoA
TlsGetValue
GetDateFormatA
IsDebuggerPresent
CompareStringA
GetTimeFormatA
TlsAlloc
LoadLibraryA
GetEnvironmentStringsW
GetCurrentProcessId
SetLastError
GetEnvironmentStrings
CopyFileA
GetModuleFileNameA
ReadConsoleOutputA
lstrcmpi
GetCurrentThreadId
InterlockedExchange
RtlUnwind
GetTimeZoneInformation
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCommandLineA
VirtualAlloc
LeaveCriticalSection
GetLastError
LCMapStringA
SetConsoleCtrlHandler
GetUserDefaultLCID
GetOEMCP
InterlockedDecrement
TlsFree
GetStringTypeW
HeapFree
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c21bf114ea5640caea8dc29b8493962c

Headers

File Characteristics

Imports

advapi32

gdi32

shell32

comdlg32

kernel32

Sections

.text Size: 161KB - Virtual size: 160KB

.data Size: 277KB - Virtual size: 276KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 161KB - Virtual size: 160KB

.data
Size: 277KB - Virtual size: 276KB

.rsrc
Size: 6KB - Virtual size: 5KB