Static task
static1
Behavioral task
behavioral1
Sample
d30ac539b9a9e9361b3fcca9e0fa02ab_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d30ac539b9a9e9361b3fcca9e0fa02ab_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
d30ac539b9a9e9361b3fcca9e0fa02ab_JaffaCakes118
Size
383KB
MD5
d30ac539b9a9e9361b3fcca9e0fa02ab
SHA1
65f34ed5502fe1c42f2b977131d7335f96ad878c
SHA256
1e36dc10b54687bc0734ac4ca69bdd956921b18f0de4baa78745b8b5a19815a5
SHA512
95ea1334cc8df9ae943f555f3f7a6c289af74b951e5a1fd7a7626494a2776eb83ef1f9752c7f9a430ea99ffa59d66ebb85ab6276b223d1d785fa7252dad91331
SSDEEP
6144:aQeY1ZB6anO4YnYlXPXIZ1TGb5Ia+95e7vatrnHahQVbtv7nn95xmLzupXws8ohb:mYh1nObnYlXPXIZ1TGb5Ia+9bhHauVpl
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource d30ac539b9a9e9361b3fcca9e0fa02ab_JaffaCakes118
Files
d30ac539b9a9e9361b3fcca9e0fa02ab_JaffaCakes118.exe windows:4 windows x86 arch:x86
96951081a28044ef0e3694ba7e80670d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
DuplicateToken
AbortSystemShutdownA
RegOpenKeyW
RegCreateKeyExW
CryptDestroyKey
RegDeleteKeyW
RegEnumKeyA
LookupAccountSidA
RevertToSelf
LookupSecurityDescriptorPartsA
CryptSetProviderW
DuplicateTokenEx
StartServiceA
CryptEnumProviderTypesW
CryptGenRandom
CryptCreateHash
RegDeleteValueA
LogonUserA
RegSetValueExW
LookupPrivilegeValueA
RegCreateKeyA
RegSaveKeyW
CryptDuplicateHash
GetUserNameW
wininet
FtpOpenFileA
IsUrlCacheEntryExpiredW
SetUrlCacheGroupAttributeW
InternetGetCertByURL
InternetUnlockRequestFile
ShowClientAuthCerts
GopherCreateLocatorW
DeleteUrlCacheEntry
InternetTimeFromSystemTime
HttpSendRequestW
InternetShowSecurityInfoByURL
InternetFindNextFileA
InternetShowSecurityInfoByURLA
InternetGetConnectedState
HttpEndRequestA
InternetHangUp
FtpRenameFileA
FreeUrlCacheSpaceA
HttpSendRequestExW
HttpQueryInfoW
UnlockUrlCacheEntryStream
SetUrlCacheEntryGroupA
HttpAddRequestHeadersW
UnlockUrlCacheEntryFile
CreateUrlCacheContainerW
shell32
SHEmptyRecycleBinW
SHGetDesktopFolder
SHUpdateRecycleBinIcon
CommandLineToArgvW
FindExecutableA
ExtractIconW
SHBrowseForFolderA
ExtractIconExA
RealShellExecuteW
ExtractAssociatedIconA
RealShellExecuteExW
SHFreeNameMappings
SheGetDirA
DoEnvironmentSubstA
RealShellExecuteA
ShellExecuteExA
DragAcceptFiles
FindExecutableW
gdi32
CreateICW
GetTextExtentExPointW
GetColorSpace
GetTextAlign
GdiSetBatchLimit
PolyBezier
GetCharWidthW
CloseEnhMetaFile
GetCharABCWidthsA
kernel32
RtlUnwind
WritePrivateProfileSectionW
GetTickCount
LoadLibraryA
VirtualQuery
ExitProcess
DebugActiveProcess
CreateThread
HeapFree
GetCurrentProcess
SetCurrentDirectoryW
EnumCalendarInfoA
HeapReAlloc
FreeEnvironmentStringsA
FormatMessageW
EnumSystemCodePagesA
GetFullPathNameA
FoldStringA
GetModuleHandleA
LocalFree
GetSystemTimeAsFileTime
HeapAlloc
GetLastError
GetProcessAffinityMask
GetProcAddress
IsValidCodePage
CreateMutexW
VirtualAlloc
TerminateProcess
VirtualAllocEx
GetCurrentProcessId
SetLocaleInfoW
InterlockedExchange
lstrcpyA
QueryPerformanceCounter
GetWindowsDirectoryA
GetProfileIntW
GetModuleFileNameA
GetCurrentThreadId
Sections
.text Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ