6f2b6fffd1804b909b3f4c38eaa1dc3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6f2b6fffd1804b909b3f4c38eaa1dc3a_JaffaCakes118
Size

552KB
MD5

6f2b6fffd1804b909b3f4c38eaa1dc3a
SHA1

a678135536a11e61ee31335d37db49105cb11c30
SHA256

409425b2a8c296f948a679afc82863814349486698cbeaae72bb20fa88bf8d1b
SHA512

1b99afc6c34a01814222f307791e99c6b662b60d92a6fcdd8669e7b64fd8ec9cab47999181815aebff5d04e5d5cf0496f113c5ffa1552979fa49de3dd52af80b
SSDEEP

12288:VV9QINXn6NVuSkz6+YZSt9tyqSLo84ojd9qou+UaS9sfwtea5:VVWIp6NYSkz6Qpy3oVoB9AV9sS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2b6fffd1804b909b3f4c38eaa1dc3a_JaffaCakes118

Files

6f2b6fffd1804b909b3f4c38eaa1dc3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09deb7f41501b1ba77905d020d7e138f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\pb

Imports

comdlg32

GetFileTitleW
FindTextA

shell32

SHGetInstanceExplorer
SHFileOperationA

user32

ReleaseDC
SetScrollRange
GetQueueStatus
CreateAcceleratorTableW
MenuItemFromPoint
RegisterClassExA
GetUpdateRect
GetListBoxInfo
DispatchMessageA
DdeFreeStringHandle
SetClassLongA
AdjustWindowRectEx
IsCharLowerW
SetCursorPos
InsertMenuItemW
RegisterClassA
CharUpperBuffA
LoadMenuW
DdeImpersonateClient
SetMessageExtraInfo
RealChildWindowFromPoint
GrayStringA
BroadcastSystemMessageW
SetKeyboardState
MapVirtualKeyExA
LoadAcceleratorsW
IsDlgButtonChecked
DrawEdge
GetClassInfoA

kernel32

WriteConsoleOutputCharacterA
EnumSystemLocalesA
GetModuleFileNameA
GetFileType
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetCurrentProcess
HeapAlloc
GetLocaleInfoW
GetCPInfo
SetEnvironmentVariableA
GetStringTypeA
GetCurrentProcessId
GetCommandLineA
GetTimeFormatA
GetConsoleScreenBufferInfo
LCMapStringW
CompareStringW
EnumDateFormatsExA
HeapCreate
CompareStringA
GetStdHandle
VirtualFreeEx
GetEnvironmentStrings
CreateDirectoryExW
GetACP
SetConsoleTitleW
HeapSize
FileTimeToDosDateTime
GetVersionExA
GetUserDefaultLCID
CreateMutexA
GetThreadTimes
GetStartupInfoA
DeleteCriticalSection
GetCalendarInfoW
TlsAlloc
GetSystemTimeAsFileTime
FindResourceW
GetLocalTime
MultiByteToWideChar
CopyFileA
GetProcessHeaps
GetTimeZoneInformation
EnterCriticalSection
LockFileEx
QueryPerformanceCounter
GetSystemTimeAdjustment
IsBadWritePtr
ResetEvent
ExitProcess
HeapReAlloc
CreateSemaphoreA
GetThreadContext
GetDateFormatA
OpenEventA
GetCurrentThread
FillConsoleOutputCharacterA
SetConsoleOutputCP
ReadFile
GetPrivateProfileSectionW
IsValidCodePage
IsValidLocale
InitializeCriticalSection
GetTickCount
LoadLibraryA
TlsFree
GetEnvironmentStringsW
SetFilePointer
LeaveCriticalSection
GetStartupInfoW
CreateSemaphoreW
WriteConsoleA
TlsSetValue
GetProcAddress
GlobalReAlloc
VirtualFree
InterlockedExchange
VirtualQuery
GetModuleHandleA
RtlUnwind
GetProcAddress
SetStdHandle
GetProcessHeap
GetLogicalDriveStringsA
GlobalFindAtomW
OpenMutexA
GetCompressedFileSizeW
FlushFileBuffers
SetHandleCount
GetStringTypeW
WideCharToMultiByte
WriteFile
AddAtomA
GetSystemInfo
HeapFree
GetOEMCP
GetConsoleOutputCP
VirtualAlloc
TerminateProcess
GetCurrentThreadId
VirtualProtect
DebugActiveProcess
TlsGetValue
WriteConsoleOutputCharacterW
UnhandledExceptionFilter
CloseHandle
HeapDestroy
SetLastError
SetCurrentDirectoryW
SetWaitableTimer
CreateWaitableTimerA
GetLocaleInfoA
LCMapStringA
lstrcmpiA
EnumDateFormatsA
GetLastError
GetNamedPipeHandleStateW

wininet

ShowX509EncodedCertificate
FindNextUrlCacheEntryExA

comctl32

InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIcon
ImageList_EndDrag
ImageList_Copy
ImageList_Replace
ImageList_Write
ImageList_SetOverlayImage
ImageList_Destroy
ImageList_AddIcon
CreatePropertySheetPageA
ImageList_GetDragImage
ImageList_DrawEx

advapi32

ReportEventW
StartServiceA
CryptHashSessionKey
LookupSecurityDescriptorPartsA
RegEnumValueW
RevertToSelf
RegQueryValueW
RegRestoreKeyW
CryptSetProviderExA
CryptExportKey
LookupPrivilegeNameA
RegConnectRegistryA
RegQueryValueExW
RegCreateKeyExW
RegSetValueA
CryptGetDefaultProviderW
LookupAccountNameA
ReportEventA
GetUserNameA

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09deb7f41501b1ba77905d020d7e138f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

shell32

user32

kernel32

wininet

comctl32

advapi32

Sections

.text Size: 160KB - Virtual size: 158KB

.rdata Size: 252KB - Virtual size: 249KB

.data Size: 116KB - Virtual size: 135KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 160KB - Virtual size: 158KB

.rdata
Size: 252KB - Virtual size: 249KB

.data
Size: 116KB - Virtual size: 135KB

.rsrc
Size: 20KB - Virtual size: 19KB