5fcf2652133d36a7b582b43448b03580_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fcf2652133d36a7b582b43448b03580_JaffaCakes118
Size

592KB
MD5

5fcf2652133d36a7b582b43448b03580
SHA1

52e1c24bba4d59b27683249577ec4e3c80bd0137
SHA256

c8df336e888c4235c479f680cecb20f1948319c0f58b71f86902907f64d1d9c8
SHA512

213f29198c9628482c28a4826dc44f2fd8f9d794af4f15c22fedfa54960ea703637f6ac464ae67fb31a499879d21036e2629352b2556aef2fffdeff839795236
SSDEEP

12288:V0P2O5Khfyj0Z1ljDDib17mqNHMQU2ThVx+F5mhmanXCnGDw9ID2mQjlXrzNF:WRKBM0Z1ljXGIoMQU2ThLU5GyCL0jlb7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fcf2652133d36a7b582b43448b03580_JaffaCakes118

Files

5fcf2652133d36a7b582b43448b03580_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ec55d7e9bf407526d5cdc882af13759

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\ele\ybgbrt

Imports

user32

MapVirtualKeyExW
ChildWindowFromPoint
EnumWindows
CharLowerBuffW
DragDetect
CloseDesktop
DdeCreateStringHandleW
DestroyWindow
GetParent
SetRectEmpty
EnumClipboardFormats
MessageBoxW
GrayStringW
RegisterClassA
TranslateAcceleratorW
DlgDirListW
DdeKeepStringHandle
OpenWindowStationW
ImpersonateDdeClientWindow
ShowWindow
AppendMenuW
RegisterClassExA
SetCursorPos
GetAncestor
CreateWindowExA
GetWindowTextA
SetParent
IsCharAlphaW
CreateDialogIndirectParamW
AnyPopup
CreateAcceleratorTableW
LoadImageW
GetLastActivePopup
DefWindowProcW
DdeCreateStringHandleA

shell32

SHGetFileInfoA
InternalExtractIconListA

kernel32

TlsSetValue
CreateFileA
FreeEnvironmentStringsW
GetStartupInfoW
FreeLibraryAndExitThread
SetFilePointer
WideCharToMultiByte
OpenMutexA
GetCommandLineA
VirtualQuery
WriteConsoleOutputCharacterW
FlushFileBuffers
HeapFree
FileTimeToLocalFileTime
ExpandEnvironmentStringsA
TlsAlloc
EnumSystemCodePagesA
UnhandledExceptionFilter
HeapReAlloc
GetModuleFileNameW
Sleep
SetConsoleCtrlHandler
TlsGetValue
ExitProcess
SetSystemTime
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetOEMCP
RtlUnwind
GetUserDefaultLCID
VirtualAlloc
IsValidCodePage
GetTimeFormatA
GetConsoleOutputCP
InterlockedExchange
GetLastError
GetDiskFreeSpaceExW
GetStdHandle
FoldStringA
GetCurrentProcessId
GetModuleHandleA
GetEnvironmentStrings
TerminateProcess
FreeLibrary
EnterCriticalSection
WriteConsoleA
GetConsoleMode
GetCommandLineW
GetCurrentProcess
CompareStringW
GetSystemTimeAsFileTime
CloseHandle
GetCurrentThread
GetConsoleCP
GetACP
VirtualFree
HeapCreate
CompareStringA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
WriteConsoleW
DeleteCriticalSection
EnumResourceTypesA
GetProcAddress
GetStringTypeW
GetCompressedFileSizeA
GetStringTypeA
GetFileType
HeapDestroy
IsValidLocale
GetModuleFileNameA
GetDateFormatA
LoadLibraryA
QueryPerformanceCounter
HeapAlloc
GetLocaleInfoW
InterlockedDecrement
EnumSystemLocalesA
InterlockedIncrement
SetEnvironmentVariableA
HeapSize
TlsFree
SetLastError
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
GetModuleHandleW
GetLocaleInfoA
GetCurrentThreadId
MultiByteToWideChar
ReadFile
LCMapStringA
CreateMutexA
GetCPInfo
PulseEvent
WriteFile
LCMapStringW
SetStdHandle
GetTickCount
SystemTimeToTzSpecificLocalTime

comdlg32

ChooseFontW
GetOpenFileNameW
ChooseColorW

comctl32

ImageList_Draw
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_Remove
ImageList_GetIconSize
ImageList_GetFlags
InitCommonControlsEx
GetEffectiveClientRect

wininet

InternetCanonicalizeUrlA
ResumeSuspendedDownload
InternetReadFileExW
InternetCrackUrlW
SetUrlCacheEntryInfoA
InternetCanonicalizeUrlW
HttpEndRequestW

advapi32

CryptVerifySignatureW
RevertToSelf
CryptSignHashW
RegQueryMultipleValuesA
CryptReleaseContext
ReportEventW
CryptGenKey
RegCreateKeyExA
CryptSetProviderW
CryptDestroyKey
LookupSecurityDescriptorPartsA
LookupPrivilegeValueW
LogonUserA
LookupAccountSidW
CryptEnumProvidersA

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ec55d7e9bf407526d5cdc882af13759

Headers

File Characteristics

PDB Paths

Imports

user32

shell32

kernel32

comdlg32

comctl32

wininet

advapi32

Sections

.text Size: 192KB - Virtual size: 189KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 112KB - Virtual size: 116KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 192KB - Virtual size: 189KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 112KB - Virtual size: 116KB

.rsrc
Size: 24KB - Virtual size: 23KB