de405477a1dccf60d9191bacdba66288_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

de405477a1dccf60d9191bacdba66288_JaffaCakes118
Size

502KB
MD5

de405477a1dccf60d9191bacdba66288
SHA1

01581af546a23725ae8100e462f82af0e46ca76c
SHA256

7e005db8db0711f6d956096179e5103939983192aed893440dfc249090175a5f
SHA512

059b14ada073a39bea2eb0e7b0534207ff745209d6b301dce7b0b753f5aeb7b48c5889ed8972a6af623deba739efe0b8d208c66588fe380fca8f515e8d0d2818
SSDEEP

12288:mpp9a/0i8vVxb4Y8i//f41qxWNzY3Ne89D:mp7YT8dV4DiXG8WlY3Nr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de405477a1dccf60d9191bacdba66288_JaffaCakes118

Files

de405477a1dccf60d9191bacdba66288_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e79fd490c366dcdb143a0715af35632

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

RealShellExecuteExA
ShellExecuteExA
FindExecutableA
SHGetDataFromIDListA
DragQueryPoint
SHGetNewLinkInfo
DragAcceptFiles
SHChangeNotify
SheGetDirExW
SHAddToRecentDocs
InternalExtractIconListW
DoEnvironmentSubstA
ExtractIconA
ExtractAssociatedIconExW
SheChangeDirW
SHUpdateRecycleBinIcon
SHGetSpecialFolderLocation
FreeIconList
CheckEscapesW
ExtractIconResInfoW
SheRemoveQuotesA
ExtractAssociatedIconA
SHFormatDrive
SHQueryRecycleBinW
SheShortenPathW
SheConvertPathW
ShellHookProc
SHGetFileInfo
SheChangeDirExW
SheRemoveQuotesW
SheGetDirA
DragQueryFileAorW
SHFileOperationW
SheGetCurDrive
ShellExecuteEx
ExtractIconResInfoA
SheChangeDirExA
SHGetInstanceExplorer
CheckEscapesA
RealShellExecuteW
SHGetSettings
SHInvokePrinterCommandA
SheGetPathOffsetW
RealShellExecuteExW
DragQueryFileA
SHFileOperation
ShellAboutA
SheFullPathA
SHEmptyRecycleBinW
SHInvokePrinterCommandW
SHFreeNameMappings
SHGetSpecialFolderPathW
ShellExecuteW
ExtractAssociatedIconW
SHFileOperationA
ShellExecuteExW
FindExecutableW
DoEnvironmentSubstW
ExtractIconEx
SHGetFileInfoA
SHGetMalloc
ExtractIconW

advapi32

CryptReleaseContext
LookupPrivilegeValueW
RegEnumValueA
CryptEncrypt
CryptVerifySignatureA
RegQueryMultipleValuesA
CreateServiceA
CryptAcquireContextA
CryptDestroyKey
CryptDuplicateHash
CryptCreateHash
CryptGetProvParam
RegRestoreKeyA
RegDeleteValueW
InitializeSecurityDescriptor
CryptHashData
CryptSetKeyParam
CryptExportKey
RegSaveKeyW
LookupPrivilegeDisplayNameW
GetUserNameW
CryptGetUserKey
ReportEventA
CryptSignHashA
DuplicateTokenEx
RegCreateKeyExA
StartServiceA
CryptAcquireContextW
CryptSetProvParam
RegQueryValueA
RegEnumKeyW
RegQueryValueExW
CryptSetProviderExA
CryptSetProviderA
RegSaveKeyA
RegQueryValueExA
LookupPrivilegeValueA
LookupAccountNameA
CryptEnumProvidersA
LookupPrivilegeNameW
RegEnumKeyExA
CryptGetDefaultProviderA
RegCloseKey
RegOpenKeyExA
CryptDeriveKey
RegQueryValueW
RegDeleteValueA
CryptSetProviderExW
RegSetValueA
CryptGenKey
RegSetKeySecurity
CryptSetProviderW
RegCreateKeyW
RegFlushKey
CryptEnumProviderTypesW
InitiateSystemShutdownW
AbortSystemShutdownA
RegQueryInfoKeyW
CryptDecrypt
RegReplaceKeyW
CryptEnumProvidersW
LookupAccountSidW
RegLoadKeyW
CryptGetDefaultProviderW
RegEnumKeyExW
GetUserNameA
StartServiceW
CryptSetHashParam
InitiateSystemShutdownA
RegOpenKeyExW
RegCreateKeyExW
RegQueryMultipleValuesW
LookupSecurityDescriptorPartsW
RegEnumKeyA
CryptGetHashParam
RegQueryInfoKeyA
CryptDuplicateKey
RegOpenKeyA
CreateServiceW
LogonUserA
LogonUserW
RegNotifyChangeKeyValue
AbortSystemShutdownW
ReportEventW
RegDeleteKeyW
CryptHashSessionKey
RegOpenKeyW
LookupSecurityDescriptorPartsA
RegEnumValueW
RegSetValueW
RegCreateKeyA
LookupAccountNameW
RegSetValueExA
RegLoadKeyA
RegConnectRegistryW
LookupPrivilegeNameA
CryptGetKeyParam
CryptSignHashW
CryptContextAddRef
CryptImportKey
RegDeleteKeyA
LookupAccountSidA
RevertToSelf
RegReplaceKeyA

wsock32

inet_ntoa
ioctlsocket
socket
sendto
WSACancelAsyncRequest
ord1104
ord1102
getsockname
select
setsockopt
ord1000
WSAAsyncGetHostByName

Sections

.text
Size: 281KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e79fd490c366dcdb143a0715af35632

Headers

File Characteristics

Imports

shell32

advapi32

wsock32

Sections

.text Size: 281KB - Virtual size: 281KB

.data Size: 220KB - Virtual size: 220KB

.text
Size: 281KB - Virtual size: 281KB

.data
Size: 220KB - Virtual size: 220KB