c1e1ba4451e08114bc57c8f371f24975_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1e1ba4451e08114bc57c8f371f24975_JaffaCakes118
Size

80KB
MD5

c1e1ba4451e08114bc57c8f371f24975
SHA1

ee129bcfd72e534a7584a91e13e62241ba03b8ea
SHA256

ba2debd8a59d79dc00bac55a7ce5bb7841f43cf8d62e4169d816261113a89332
SHA512

eeff91e9257f2ed450d6102d438795163f091acb9fc8e64ad75505c2e37ea781ff9d240d9f07230a693fb4f1bd69a7f89d565b0918fb3978c5cb94f1b4288530
SSDEEP

1536:6VbBCjPbiZJJS4T2nPnNEs1pJnoG67Yz3hOI18qgOk6:6CKZ52nLpJnoV7YkUTR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1e1ba4451e08114bc57c8f371f24975_JaffaCakes118

Files

c1e1ba4451e08114bc57c8f371f24975_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3307381688bfa0312f917ef1667854d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
CreateFileA
GetPrivateProfileIntA
FindNextFileA
GetVersionExA
DeleteFileA
MoveFileExA
GetWindowsDirectoryA
CopyFileA
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
GetACP
FreeLibrary
GetProcAddress
LoadLibraryA
SetFileAttributesA
GetFileAttributesA
SetLastError
Sleep
CompareFileTime
WritePrivateProfileStringW
VirtualFree
VirtualAlloc
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
lstrcmpA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
WriteProfileStringA
GetLastError
FindFirstFileA
FindClose
GetModuleFileNameA
lstrcatA
GetEnvironmentStringsW
GetSystemDirectoryA
lstrcmpiA
lstrlenA
WideCharToMultiByte
SetHandleCount
GetEnvironmentStrings
lstrcpyA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
GetOEMCP
GetCPInfo
HeapReAlloc
GetStringTypeW
GetStringTypeA
WriteFile
GetStartupInfoA
MultiByteToWideChar
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
RtlUnwind
GetModuleHandleA
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
LCMapStringA
HeapCreate

user32

DdeClientTransaction
PostMessageA
TranslateMessage
DdeCreateDataHandle
ShowWindow
CreateWindowExA
DispatchMessageA
RegisterClassA
LoadCursorA
DefWindowProcA
PostQuitMessage
DestroyWindow
wsprintfA
LoadStringA
DdeDisconnect
DdeFreeStringHandle
DdeConnect
DdeInitializeA
DdeCreateStringHandleA
UpdateWindow
GetMessageA
DdeUninitialize
DdeGetLastError

gdi32

GetStockObject

winspool.drv

EnumPrintersA
OpenPrinterA
SetPrinterA
ClosePrinter
EnumMonitorsA
AddMonitorA

advapi32

RegFlushKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CreateServiceA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
QueryServiceStatus
StartServiceA
ControlService
RegCreateKeyExA

lz32

LZCopy
LZOpenFileA
LZClose

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerFindFileA
VerInstallFileA

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e3307381688bfa0312f917ef1667854d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

lz32

version

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 992B

.1rdata Size: 20KB - Virtual size: 20KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 992B

.1rdata
Size: 20KB - Virtual size: 20KB