6ff75ef8989d6b3325c382746d130651_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6ff75ef8989d6b3325c382746d130651_JaffaCakes118
Size

460KB
MD5

6ff75ef8989d6b3325c382746d130651
SHA1

2874c04f243d87d725f6c303fbdf7c1d4fe54975
SHA256

59ae95cce12966a4d702abfdbb21279047ecd550b0ba0d287b6ce665b5147129
SHA512

3d9bc8288b2606368035c9843056e4b645d1e02d3803666184baba4b3f972ce943a937cb5eef6c1689f6cd8ff2ddaf2f7770680ba355c12c5709a3b9ba6b87f4
SSDEEP

12288:yc+19k1Db/NH0/L0BGmJI+4CckXfIjZ8NAHbMMnMMMMM:v+1u1Db/NH0p4I+4Z8w8NA7MMnMMMMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ff75ef8989d6b3325c382746d130651_JaffaCakes118

Files

6ff75ef8989d6b3325c382746d130651_JaffaCakes118
.exe windows:4 windows x86 arch:x86

55733dcb0dadcf0696853fedcbb379e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Get_Version_Ex

advapi32

RegSetValueExA
ImpersonateLoggedOnUser
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegDeleteValueA
OpenThreadToken
RegDeleteKeyA
RegNotifyChangeKeyValue
RegEnumKeyExA
RevertToSelf
RegEnumValueA
RegCloseKey

user32

CallMsgFilterW
PostThreadMessageA
CharNextA
DispatchMessageA
GetMessageA
RegisterWindowMessageA
wsprintfA

wininet

InternetCombineUrlA
InternetCrackUrlA

inetcomm

MimeOleSetCompatMode
MimeOleInetDateToFileTime
MimeOleGetPropertySchema
MimeOleCreateMessage
MimeOleGetInternat

urlmon

CoInternetGetSession
CoInternetParseUrl
UrlMkSetSessionOption
CopyBindInfo

kernel32

GetFileTime
VirtualAlloc
GetDateFormatW
LeaveCriticalSection
lstrcatA
GetCurrentThreadId
GetStringTypeW
HeapFree
InitializeCriticalSection
LoadResource
HeapDestroy
SystemTimeToFileTime
lstrcpyA
TlsGetValue
GlobalUnlock
Sleep
GetTempPathA
CreateFileW
GetTimeFormatA
GetTempFileNameA
WriteFile
InterlockedIncrement
lstrcpynA
SetEndOfFile
GetCurrentProcessId
FindNextFileA
GetSystemInfo
GetSystemTimeAsFileTime
GetLocaleInfoA
SizeofResource
GetThreadLocale
SetFileAttributesA
GetLocaleInfoW
UnhandledExceptionFilter
FormatMessageA
TerminateProcess
CreateFileA
GetTimeZoneInformation
GetModuleHandleA
LoadLibraryExA
FindResourceA
GetFileSize
FlushFileBuffers
GetSystemTime
GlobalAlloc
FindFirstFileA
GlobalLock
GetSystemDefaultLangID
EnterCriticalSection
GetCPInfo
ExitProcess
lstrlenA
SetUnhandledExceptionFilter
lstrcmpiA
GetShortPathNameA
FormatMessageW
QueryPerformanceCounter
GetOverlappedResult
TlsAlloc
MultiByteToWideChar
DeleteCriticalSection
TlsSetValue
lstrlenW
CompareFileTime
GetVersionExA
CopyFileA
VirtualQuery
IsDBCSLeadByteEx
GetProcAddress
HeapCreate
GlobalHandle
GetCurrentThread
IsBadReadPtr
GetLastError
GlobalFree
GetModuleFileNameA
GetCurrentProcess
VirtualFree
CloseHandle
IsValidCodePage
TlsFree
LoadLibraryA
FileTimeToSystemTime
GetTimeFormatW
SetEvent
CreateEventA
ResetEvent
VirtualProtect
SetFilePointer
ReadFile
InterlockedExchange
WideCharToMultiByte
IsDBCSLeadByte
WaitForSingleObject
IsBadWritePtr
GetACP
FreeLibrary
InterlockedDecrement
GetDateFormatA
HeapAlloc
GlobalReAlloc
GetTickCount
GetUserDefaultLCID
LocalFree
FindClose

certmgr

DllGetClassObject

ole32

CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CoCreateGuid
ProgIDFromCLSID
CoCreateFreeThreadedMarshaler
CoUninitialize
CoTaskMemRealloc
CoCreateInstance

shlwapi

StrCatBuffW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 124KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55733dcb0dadcf0696853fedcbb379e2

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

advapi32

user32

wininet

inetcomm

urlmon

kernel32

certmgr

ole32

shlwapi

version

Sections

.text Size: 156KB - Virtual size: 155KB

.idata Size: 4KB - Virtual size: 4KB

.data Size: 124KB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 28B

.rdata Size: 142KB - Virtual size: 141KB

.rsrc Size: 32KB - Virtual size: 31KB

.text
Size: 156KB - Virtual size: 155KB

.idata
Size: 4KB - Virtual size: 4KB

.data
Size: 124KB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 28B

.rdata
Size: 142KB - Virtual size: 141KB

.rsrc
Size: 32KB - Virtual size: 31KB