ce6e0d2d69f11a73bd653ff70737893d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ce6e0d2d69f11a73bd653ff70737893d_JaffaCakes118
Size

244KB
MD5

ce6e0d2d69f11a73bd653ff70737893d
SHA1

97a3005b806ffd8c900857b66ffd2be7a931cfed
SHA256

38276b60896fc84894fcf0617a5fd88e9d4b7389af65f586f22f3a5eada2e83c
SHA512

55df4b251fa28a5b13b564a2273afa97c12b1e3498aed371d6fdec2fdb91e7e6b56b3bcfe0d5f1c9b2e0201e478352b29d4e7e1944f1aa9958a1e3b068e4ac82
SSDEEP

6144:OJCigFH/PMxyVngY3KXGPISSJx09Y59PwM0EU:YQX+yhISSYjMjU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce6e0d2d69f11a73bd653ff70737893d_JaffaCakes118

Files

ce6e0d2d69f11a73bd653ff70737893d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d56e77e6689bc4819fb4970441913f07

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
SetCurrentDirectoryA
OpenMutexW
GetSystemDefaultLangID
GetStartupInfoW
GetNumberFormatA
GetSystemDirectoryW
GetCommandLineA
GetOEMCP
ReadDirectoryChangesW
GetProcessHeaps
GetSystemInfo
GetProcAddress
CreateMutexA
FileTimeToSystemTime
GetWindowsDirectoryW
LoadLibraryExA
LoadResource
OpenSemaphoreA
GlobalDeleteAtom
MulDiv
FileTimeToLocalFileTime
lstrcmpiA
RemoveDirectoryA
lstrcmpA
GetCurrentThreadId
OpenFile
lstrcpyW
AddAtomW
GetMailslotInfo
CreateMailslotA
GetEnvironmentVariableA
OpenWaitableTimerA
lstrcpyn
IsValidCodePage
lstrcmpW
lstrcpyA
GetDateFormatA
GetHandleInformation
ReplaceFileW
IsBadWritePtr
GetLogicalDrives
DuplicateHandle
MoveFileW
CreateSemaphoreA
GlobalFindAtomA
IsBadStringPtrW
lstrcmp
IsBadCodePtr
GetEnvironmentStringsA
GetShortPathNameA
SetComputerNameW
lstrcpynA
DosDateTimeToFileTime
GetCurrentThread
GetTickCount
GetLogicalDriveStringsA
Sleep
LoadLibraryW
IsBadReadPtr
GetCurrentDirectoryA
GetModuleHandleA
ExpandEnvironmentStringsW
CreateDirectoryW
SetEvent
GetComputerNameA
MoveFileA
CompareFileTime
IsValidLocale
FindAtomA
SetCalendarInfoA
GetFileAttributesA
GetLongPathNameW

user32

EndDialog
GetActiveWindow
UnregisterClassW
CreateDialogIndirectParamA
DialogBoxParamA
WaitForInputIdle
AppendMenuA
GetMenuItemInfoA

gdi32

RemoveFontResourceExW
GetStockObject
CreatePalette
CreateMetaFileA
GetTextExtentPointW
CreateDIBPatternBrush
RemoveFontResourceExA
CreateBitmap
ExtCreateRegion
GetEnhMetaFileA
StretchDIBits
CreateBitmapIndirect
CreateRoundRectRgn
CreatePen
UpdateICMRegKeyW
RemoveFontResourceW
GetEnhMetaFilePixelFormat
CreateScalableFontResourceA
UpdateICMRegKeyA
GdiGetBatchLimit
SetEnhMetaFileBits
CreatePolyPolygonRgn
GetMetaFileA
CreateFontA
CreateICA
CreateDIBSection

shell32

StrCmpNA
SHGetDiskFreeSpaceExA
ExtractAssociatedIconExW
ExtractIconW
StrRStrA
SHGetDiskFreeSpaceExW
ShellExecuteEx

comdlg32

PrintDlgExA
ReplaceTextW
GetOpenFileNameW
FindTextW
GetSaveFileNameW
ChooseFontA
FindTextA
PrintDlgA

ws2_32

socket

wininet

CommitUrlCacheEntryA
FindFirstUrlCacheEntryExA
RetrieveUrlCacheEntryStreamW

winmm

waveOutBreakLoop
midiStreamPosition
mmioStringToFOURCCA
joyGetPosEx
mmioOpenA
DefDriverProc
timeKillEvent
mixerGetDevCapsW
midiInGetErrorTextA

wsock32

GetTypeByNameA
dn_expand
rresvport
rexec
GetNameByTypeA
WSAAsyncGetHostByAddr
listen
WSAAsyncGetProtoByName
WSACleanup
WSACancelBlockingCall
getsockopt
WSAStartup
sendto
NPLoadNameSpaces
__WSAFDIsSet
MigrateWinsockConfiguration
WSAAsyncGetHostByName
gethostbyaddr
bind

Sections

.Zs
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w
Size: 2KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zHjPGy
Size: 4KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YtVPM
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CWZ
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.M
Size: 4KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rL
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KJE
Size: 9KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oFwgb
Size: 5KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d56e77e6689bc4819fb4970441913f07

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ws2_32

wininet

winmm

wsock32

Sections

.Zs Size: 4KB - Virtual size: 4KB

.w Size: 2KB - Virtual size: 166KB

.zHjPGy Size: 4KB - Virtual size: 369KB

.YtVPM Size: 91KB - Virtual size: 91KB

.CWZ Size: 12KB - Virtual size: 12KB

.M Size: 4KB - Virtual size: 50KB

.rL Size: 88KB - Virtual size: 88KB

.KJE Size: 9KB - Virtual size: 217KB

.oFwgb Size: 5KB - Virtual size: 445KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 1024B - Virtual size: 1024B

.Zs
Size: 4KB - Virtual size: 4KB

.w
Size: 2KB - Virtual size: 166KB

.zHjPGy
Size: 4KB - Virtual size: 369KB

.YtVPM
Size: 91KB - Virtual size: 91KB

.CWZ
Size: 12KB - Virtual size: 12KB

.M
Size: 4KB - Virtual size: 50KB

.rL
Size: 88KB - Virtual size: 88KB

.KJE
Size: 9KB - Virtual size: 217KB

.oFwgb
Size: 5KB - Virtual size: 445KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 1024B - Virtual size: 1024B