cef3a6a4516f42cdbbc3f4344c178fc1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cef3a6a4516f42cdbbc3f4344c178fc1_JaffaCakes118
Size

642KB
MD5

cef3a6a4516f42cdbbc3f4344c178fc1
SHA1

19a80ca63d430c3ec153bc07e93384a59016ec23
SHA256

6e642cb450ec7645def9a39290e481eb9f939fe4cb07b8540b64aa163d055e0d
SHA512

c7ce52c10cea337aeb15f18c87163ac2ae9bcee534f59b1af9a51887b36d76e0268a5f10140141e84ed9c58070a9a2a935d9292d1df7bb6fac9108b4114ccaba
SSDEEP

12288:NrEd4IBFMaoGP9TekZ5JE7NpyyqtAe9uM03/ueNm8cYXs7COs:504+m2Tek/JE7zqtz0GeNpXv/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cef3a6a4516f42cdbbc3f4344c178fc1_JaffaCakes118

Files

cef3a6a4516f42cdbbc3f4344c178fc1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc409167b09f656755a62cb29e59c55b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
WritePrivateProfileSectionW
SetThreadLocale
AllocConsole
GetSystemTimeAsFileTime
MultiByteToWideChar
lstrcmpA
_lopen
GetCommConfig
VirtualLock
OutputDebugStringW
FormatMessageA
GetTempFileNameA
GetFileAttributesA
GetCurrentProcessId
FindFirstFileExW
VirtualUnlock
GetPrivateProfileSectionW
GetSystemTime
InitializeCriticalSection
FindFirstFileW
GetCommState
CloseHandle
GetHandleInformation
CompareStringW
LocalSize
EnumDateFormatsW
EnumSystemCodePagesW
GetSystemDefaultLangID
FindCloseChangeNotification
UnhandledExceptionFilter
GetModuleFileNameW
CreatePipe
GetCurrentProcess
GetSystemDirectoryW
TryEnterCriticalSection
VirtualAlloc
ReadConsoleA
SetErrorMode
GetUserDefaultLCID
SetStdHandle
IsDBCSLeadByteEx
MoveFileW
SetConsoleWindowInfo
DeleteCriticalSection
_lclose
GetTickCount
CancelIo
CreateDirectoryA
GetCompressedFileSizeW
IsProcessorFeaturePresent
FindResourceExW
SetThreadAffinityMask
GetACP
WaitNamedPipeA
GlobalFindAtomA
GlobalAddAtomA
EndUpdateResourceA
EnumResourceLanguagesW
FatalAppExitA
lstrcpyA
SizeofResource
LoadLibraryExA
SetConsoleActiveScreenBuffer
lstrcpynA
ExitProcess

user32

SystemParametersInfoA
ReplyMessage
PtInRect
OpenIcon
LoadImageA
GetMenuCheckMarkDimensions
GetClassNameW

gdi32

SetTextJustification
ExtCreatePen
GetGlyphOutlineA
FillPath
GetClipBox

comdlg32

PrintDlgW
ChooseColorW

advapi32

ControlService

shell32

ShellExecuteA
ExtractIconExW

ole32

OleBuildVersion
CreateStreamOnHGlobal
StgSetTimes
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
OleIsRunning
CoInitializeEx
OleSetMenuDescriptor
CoGetInterfaceAndReleaseStream

oleaut32

VariantChangeType
LoadTypeLi
SysStringLen
QueryPathOfRegTypeLi
SafeArrayGetLBound
SafeArrayPutElement
SysAllocStringLen
VariantCopy

comctl32

ImageList_Replace

shlwapi

wnsprintfW
PathRelativePathToA
PathIsRootA
PathRemoveBlanksW
PathFindNextComponentW
StrCatBuffW
SHSetValueA
StrFormatByteSizeA
StrCmpNIA
SHDeleteValueW
StrCmpIW
PathCanonicalizeA
PathCombineW
PathRemoveArgsW
PathQuoteSpacesW
PathFindFileNameA

Sections

.text
Size: 2KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc409167b09f656755a62cb29e59c55b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

shlwapi

Sections

.text Size: 2KB - Virtual size: 219KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 312KB - Virtual size: 311KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 219KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 312KB - Virtual size: 311KB

.rsrc
Size: 17KB - Virtual size: 16KB