bece0a9eccecbfc82f25546f4ee66ec1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bece0a9eccecbfc82f25546f4ee66ec1_JaffaCakes118
Size

792KB
MD5

bece0a9eccecbfc82f25546f4ee66ec1
SHA1

182736f6b4b733c5fdfcd947b1dc9b62f3a6ab85
SHA256

724a70463977b42068655ee40601c3195a41d1601d0128597538f0e293a54cbd
SHA512

086542a3393357f1b8e66581e13ae91953ab1906d10f2b255d96bfe939e5340f76cd3fdd401f976204ed8866d9a278d3d2b06e3be51fbadcd2addef2acbd7914
SSDEEP

24576:DgkR1d8fkueZmpruNww+W5iGV+LjiAgL+:MYMPeZoe71V6+A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bece0a9eccecbfc82f25546f4ee66ec1_JaffaCakes118

Files

bece0a9eccecbfc82f25546f4ee66ec1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd93d77d1060c6e9f773b37952a5ea38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

winspool.drv

OpenPrinterA
DocumentPropertiesA
ord204

kernel32

HeapAlloc
SetFilePointer
GetStringTypeW
GetStdHandle
GetModuleHandleA
OpenMutexW
MultiByteToWideChar
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
HeapCreate
GetCommandLineW
WaitForSingleObject
InterlockedDecrement
GetEnvironmentStringsW
LCMapStringW
CreateDirectoryW
RtlUnwind
SetEnvironmentVariableA
GetCPInfo
GetFileSize
Sleep
GetLocaleInfoW
GetCurrentProcessId
SetLastError
GetModuleFileNameA
UnhandledExceptionFilter
GetProcAddress
GetTimeZoneInformation
FreeLibrary
TlsSetValue
WriteConsoleA
GetProcessHeap
HeapSize
GetModuleHandleW
CloseHandle
TlsGetValue
CompareStringA
GetSystemTime
CompareStringW
HeapDestroy
GetOEMCP
IsBadCodePtr
InitializeCriticalSection
LeaveCriticalSection
GetStringTypeA
WideCharToMultiByte
GlobalLock
FreeEnvironmentStringsA
IsValidLocale
LoadLibraryW
TerminateProcess
CreateFileA
FindNextFileW
GetCommandLineA
FreeEnvironmentStringsW
WriteFile
SetStdHandle
SetHandleCount
RaiseException
GetCurrentProcess
FindFirstFileW
GetEnvironmentStrings
ExitProcess
GetVersion
InterlockedIncrement
GetFullPathNameW
GetVersionExW
HeapReAlloc
CreateFileW
GetFileType
GetTickCount
CreateMutexW
FindClose
LoadLibraryA
GetSystemTimeAsFileTime
TlsFree
GetVersionExA
EnterCriticalSection
GetStartupInfoA
VirtualAlloc
GlobalUnlock
TlsAlloc
VirtualFree
InterlockedExchange
GetLocalTime
GetLocaleInfoA
GetLastError
QueryPerformanceCounter
GetACP
GlobalAlloc
VirtualQuery
CreateProcessW
DeleteFileW
DeleteCriticalSection
SetEndOfFile
ReadFile
GetUserDefaultLCID
HeapFree
LCMapStringA
GetModuleFileNameW
GetStartupInfoW
GlobalFree
FlushFileBuffers

shell32

SHGetDesktopFolder
DragAcceptFiles
ShellExecuteW
ord155

gdi32

StartDocA
AbortDoc
SaveDC
GetPolyFillMode
SetWindowOrgEx
SetPixel
CreateDCA
DeleteObject
RestoreDC
CreatePatternBrush
PatBlt
SetViewportOrgEx
GetBkColor
GetTextColor
SetTextColor
CreateFontIndirectA
GetStretchBltMode
GetTextCharsetInfo
ExcludeClipRect
SetBkMode
SetPolyFillMode
GetMapMode
GetStockObject
OffsetRgn

shlwapi

PathAddBackslashA
PathStripToRootA
PathFindExtensionA
PathFileExistsA
PathSkipRootA
PathFindFileNameA
PathRemoveFileSpecA
PathIsUNCA
PathQuoteSpacesA
PathAppendA
PathIsDirectoryA

user32

DestroyCursor
LoadCursorW
DrawIconEx
CreateWindowExW
SystemParametersInfoW
LoadAcceleratorsW
ShowWindow
DefWindowProcW
GetMessageTime
TranslateMessage
DestroyWindow
GetWindow
MapWindowPoints
GetWindowTextW
TabbedTextOutW
UpdateWindow
SetWindowPos
UnregisterClassA
GetDlgItem
GetMenuItemID
SetCursor
MessageBoxW
LoadStringW
DeleteMenu
IsRectEmpty
GetKeyState
BringWindowToTop
RegisterClassExW
GetAncestor
FindWindowW
GetFocus
TrackPopupMenu
IsIconic
WinHelpW
GetWindowRect
SetClipboardData
GetScrollPos
ShowScrollBar
ModifyMenuW
DrawStateW
GetClassInfoW
CreateMenu
OffsetRect
RegisterClassW
InvalidateRgn
SetWindowPlacement
GrayStringW
GetClipboardData
GetSystemMetrics
LoadMenuW
EndDialog
IsWindow
MoveWindow
GetWindowTextLengthW
SetFocus
SetWindowTextW
DestroyIcon
GetMenuItemInfoW
MessageBeep
GetSysColor
CopyIcon
WindowFromPoint

advapi32

RegCreateKeyExW
RegDeleteValueW
RegCreateKeyW
RegCloseKey
RegEnumKeyExW
RegSetValueExW
GetUserNameW
SetSecurityDescriptorDacl
RegQueryValueExW
RegSetValueExA
RegOpenKeyW

wsock32

WSACleanup

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd93d77d1060c6e9f773b37952a5ea38

Headers

File Characteristics

PDB Paths

Imports

winspool.drv

kernel32

shell32

gdi32

shlwapi

user32

advapi32

wsock32

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 468KB - Virtual size: 467KB

.data Size: 116KB - Virtual size: 113KB

.rsrc Size: 140KB - Virtual size: 138KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 468KB - Virtual size: 467KB

.data
Size: 116KB - Virtual size: 113KB

.rsrc
Size: 140KB - Virtual size: 138KB