ced018fa160dd3917883525f6a3d4f81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ced018fa160dd3917883525f6a3d4f81_JaffaCakes118
Size

403KB
MD5

ced018fa160dd3917883525f6a3d4f81
SHA1

329c6ff8a973b35b057ab795244aac8fb5d73385
SHA256

e332b313626682c1a8f345140e1537c944042a909cba0ff2cac6fd81b70fd57a
SHA512

5c9219c3600361037d89c24b4eb86b3cac036878c30a4996bd6e3423480f97c57ce4480766ab66d1eaca350fbdf195e810d9c9df3502678affa1c4ea0fd9416c
SSDEEP

6144:acFJKRbzIMsYBW8QWSNpudYFBUagub77OiR/j2nB6YM1Qljo8uG/P+RBUtg2:ixIY4WSNpuQBU3ub/tR/jAtu80U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ced018fa160dd3917883525f6a3d4f81_JaffaCakes118

Files

ced018fa160dd3917883525f6a3d4f81_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2816c60fbae822d715fa7c879890eab5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
LCMapStringA
GetSystemDefaultLangID
DeleteCriticalSection
EnumSystemLocalesA
GetSystemDirectoryA
GetACP
GetCalendarInfoA
InterlockedExchange
GetEnvironmentStrings
WriteFile
LeaveCriticalSection
GetCurrentThread
TlsGetValue
GetProcAddress
TlsAlloc
GetConsoleScreenBufferInfo
GetCPInfo
SetLastError
WideCharToMultiByte
SetCurrentDirectoryW
GetStdHandle
ExitProcess
GetCalendarInfoW
GetVersion
VirtualUnlock
GetOEMCP
InitializeCriticalSection
LCMapStringW
FindNextChangeNotification
GetEnvironmentStringsW
SetConsoleTitleA
HeapAlloc
GetCommandLineW
TerminateProcess
GetCurrentProcess
GetStringTypeA
FreeEnvironmentStringsA
IsBadWritePtr
SetHandleCount
GetStringTypeW
TlsFree
RtlUnwind
GetStartupInfoA
TlsSetValue
GetSystemTimeAsFileTime
HeapFree
SetConsoleMode
FoldStringW
GetLastError
GetNumberFormatA
GetFileType
FindFirstFileA
MultiByteToWideChar
OpenSemaphoreA
GetCommandLineA
QueryPerformanceCounter
GetModuleHandleA
HeapReAlloc
GetModuleFileNameA
LoadLibraryA
HeapDestroy
WriteConsoleInputW
HeapCreate
VirtualFree
OutputDebugStringW
EnterCriticalSection
UnhandledExceptionFilter
GetCurrentThreadId
GetTickCount
GetProcessHeap
FreeEnvironmentStringsW
VirtualAlloc
PulseEvent
WriteConsoleOutputW
VirtualQuery

wininet

InternetConfirmZoneCrossingA
HttpAddRequestHeadersW
InternetGetConnectedStateEx
InternetCreateUrlA
UnlockUrlCacheEntryFile

shell32

RealShellExecuteExW
ShellHookProc
SHAddToRecentDocs
SHGetDataFromIDListA
ShellAboutW

advapi32

CryptGetHashParam
CryptSignHashW
RegSaveKeyW
RegSetValueExW
RegSetValueExA
CryptDuplicateKey
GetUserNameW
RegSaveKeyA
LookupAccountSidW
CryptDuplicateHash
RegReplaceKeyW
LookupSecurityDescriptorPartsW
LookupPrivilegeValueA
RegDeleteKeyA
CryptGetDefaultProviderA
CryptEnumProviderTypesW
CryptHashData

gdi32

GetCharABCWidthsW
GetDeviceGammaRamp

user32

GetCursor
GetKeyNameTextA
MsgWaitForMultipleObjectsEx

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2816c60fbae822d715fa7c879890eab5

Headers

File Characteristics

Imports

kernel32

wininet

shell32

advapi32

gdi32

user32

Sections

.text Size: 114KB - Virtual size: 113KB

.rdata Size: 4KB - Virtual size: 10KB

.data Size: 276KB - Virtual size: 275KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 4KB - Virtual size: 10KB

.data
Size: 276KB - Virtual size: 275KB

.rsrc
Size: 7KB - Virtual size: 7KB