9462a362910709bda64b2ddce470ed5d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9462a362910709bda64b2ddce470ed5d_JaffaCakes118
Size

212KB
MD5

9462a362910709bda64b2ddce470ed5d
SHA1

b476f44143d5141b0da63fddb3068530abdb00a7
SHA256

c4a257955e1995a74ef1e2a690fa0b94eb01a20377211d01e0a3742f9462e097
SHA512

8c8c6fd7962b45d9f7bf051c95d49492121b83c81cad103d7cf77048cf8d1c425b3c6c66960fd49f156d56dd4a1a210a1ac878d6b58e084be859c668b0acd4d8
SSDEEP

6144:davW/yVqtW23YmejTb9douEWLCUys0RO:ovLR7TDoz4CDse

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9462a362910709bda64b2ddce470ed5d_JaffaCakes118

Files

9462a362910709bda64b2ddce470ed5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2da30ccd73ae658516f9d92f6082d608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetLocalTime
CreateNamedPipeW
GetACP
HeapCreate
SystemTimeToFileTime
LoadLibraryA
CreateMailslotA
TlsAlloc
CreateDirectoryW
OpenEventW
ExitProcess
GetFullPathNameW
GetLogicalDriveStringsW
lstrcmpi
EnumCalendarInfoW
DosDateTimeToFileTime
CreateMutexA
lstrcmpiW
CompareStringA
BeginUpdateResourceA
WaitForSingleObject
ReplaceFileA
GetFileAttributesA
GlobalGetAtomNameA
ExpandEnvironmentStringsW
AddAtomW
lstrcpynA
GetProcAddress
GetComputerNameA
GetMailslotInfo
OpenMutexA
GetVolumeInformationA
FreeResource
SetUnhandledExceptionFilter
GetVersionExA
GetHandleInformation
GetCurrentDirectoryW
FindResourceW
GetTempPathA
FindResourceA
LocalAlloc

user32

RemoveMenu
UnregisterClassA
LoadBitmapA
SetCursorPos
GetWindowTextW
LoadCursorA
DefWindowProcA
wvsprintfW
GetMenuItemCount
RegisterClassA
IsCharUpperA
CreatePopupMenu
SetMenu
FillRect
GetDC
PostMessageA

gdi32

GetDIBits
EnumObjects
GetTextExtentExPointI
SetWinMetaFileBits
GetEnhMetaFileDescriptionA
GetCharABCWidthsA
PtInRegion
CreateDIBSection
GetMiterLimit
GetTextMetricsA
FontIsLinked
GetGraphicsMode

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCreateKeyW
RegSaveKeyA
RegCreateKeyExW
RegQueryInfoKeyW

shlwapi

SHRegSetPathW
PathCompactPathA
PathIsFileSpecA
SHRegEnumUSKeyA
UrlIsW
SHRegDeleteUSValueW
StrSpnW
PathBuildRootW
SHRegGetPathW
SHDeleteValueW
PathAddExtensionW
PathGetDriveNumberW
PathUndecorateW
PathRemoveFileSpecA
StrFormatByteSizeA
UrlCombineA

comctl32

ImageList_Duplicate
ImageList_DrawIndirect
InitMUILanguage
ImageList_BeginDrag
ImageList_LoadImageA
InitializeFlatSB

version

VerInstallFileW
VerLanguageNameW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGoOnlineW
FtpSetCurrentDirectoryW
InternetCloseHandle
FtpGetFileSize
CommitUrlCacheEntryA
SetUrlCacheHeaderData
HttpOpenRequestA
InternetLockRequestFile
InternetWriteFileExA
ShowX509EncodedCertificate
InternetQueryOptionA
HttpSendRequestW
FtpRenameFileA
GopherOpenFileA
InternetTimeFromSystemTime
InternetHangUp
InternetOpenUrlW
FindFirstUrlCacheEntryW
DeleteUrlCacheGroup

winspool.drv

DeletePrinterDriverExA
AddPrinterConnectionW

crypt32

CertEnumCRLsInStore
CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptVerifyMessageSignatureWithKey
I_CryptGetLruEntryIdentifier
CertDuplicateCTLContext
CryptSIPCreateIndirectData
CertAddCTLLinkToStore
CertUnregisterSystemStore
CryptImportPublicKeyInfoEx
CryptSignMessage
CryptHashToBeSigned
CertFindCTLInStore
CryptSIPRemoveProvider
CryptDecryptMessage
CryptVerifyCertificateSignatureEx
CryptSIPAddProvider
CryptDecodeObject
CryptGetKeyIdentifierProperty

Sections

.j
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kJGTo
Size: 3KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jlbS
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SOV
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Bmkbj
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Uj
Size: 1024B - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dMYm
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WwMKI
Size: 2KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wo
Size: 4KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IbJKtH
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da30ccd73ae658516f9d92f6082d608

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

version

wininet

winspool.drv

crypt32

Sections

.j Size: 1KB - Virtual size: 1KB

.kJGTo Size: 3KB - Virtual size: 90KB

.jlbS Size: 83KB - Virtual size: 82KB

.SOV Size: 13KB - Virtual size: 13KB

.Bmkbj Size: 3KB - Virtual size: 4KB

.Uj Size: 1024B - Virtual size: 312KB

.dMYm Size: 4KB - Virtual size: 25KB

.WwMKI Size: 2KB - Virtual size: 246KB

.wo Size: 4KB - Virtual size: 220KB

.IbJKtH Size: 83KB - Virtual size: 83KB

.data Size: 5KB - Virtual size: 127KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1024B

.j
Size: 1KB - Virtual size: 1KB

.kJGTo
Size: 3KB - Virtual size: 90KB

.jlbS
Size: 83KB - Virtual size: 82KB

.SOV
Size: 13KB - Virtual size: 13KB

.Bmkbj
Size: 3KB - Virtual size: 4KB

.Uj
Size: 1024B - Virtual size: 312KB

.dMYm
Size: 4KB - Virtual size: 25KB

.WwMKI
Size: 2KB - Virtual size: 246KB

.wo
Size: 4KB - Virtual size: 220KB

.IbJKtH
Size: 83KB - Virtual size: 83KB

.data
Size: 5KB - Virtual size: 127KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1024B