e03467f245a29ca49a12b096a87c25a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e03467f245a29ca49a12b096a87c25a7_JaffaCakes118
Size

545KB
MD5

e03467f245a29ca49a12b096a87c25a7
SHA1

2aa53688ff158896645c484826313b869284a12e
SHA256

fe3deea535fffd428176151a545d837ba400f8cbb6b9976f137bdaba5b9f9c05
SHA512

aa48246d4437d7d6473075aa099f940edbd41f4e00e6efad160f452d8d7b129c8043084f356011ddf823c99ea86cb25bd235ad5a5bf2c9507b9edfc5ab91d08f
SSDEEP

6144:JK0euDXacuBWEyxKhsI0CsxM8QBqYTSuge7LBqbeaexbW8ygjlAFcvs0zMjCRiiS:J7aTBdP/ee4yb/WFcvs0zh+zLQDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e03467f245a29ca49a12b096a87c25a7_JaffaCakes118

Files

e03467f245a29ca49a12b096a87c25a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ddc5aa38db93bd59d0cb9e4b14206783

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
OpenMutexA
VirtualFree
GetTickCount
GetStringTypeW
GetUserDefaultLCID
HeapSize
GetStartupInfoW
GetModuleFileNameA
MultiByteToWideChar
TlsFree
EnumSystemLocalesA
InterlockedExchange
HeapAlloc
GetStdHandle
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
HeapReAlloc
WriteFile
SetLastError
HeapDestroy
CompareStringA
SetFilePointer
GetFileType
WideCharToMultiByte
ExitProcess
VirtualQuery
GetCurrentThread
CreateMutexA
LCMapStringA
ReadFile
GetEnvironmentStrings
FlushFileBuffers
VirtualAlloc
LoadLibraryA
GetCurrentProcessId
GetModuleFileNameW
TlsGetValue
HeapCreate
FreeEnvironmentStringsW
IsValidCodePage
HeapFree
CompareStringW
GetSystemTimeAsFileTime
GetLocaleInfoW
TlsSetValue
GetCurrentThreadId
GetDateFormatA
GetCommandLineW
GetACP
GetEnvironmentStringsW
LeaveCriticalSection
FreeEnvironmentStringsA
GetVersionExA
GetStartupInfoA
GetStringTypeA
IsBadWritePtr
SetHandleCount
GetModuleHandleA
EnterCriticalSection
SetStdHandle
GetSystemInfo
GetLastError
GetCurrentProcess
LCMapStringW
GetTimeZoneInformation
TerminateProcess
GetProcAddress
VirtualProtect
CloseHandle
GetCPInfo
GetTimeFormatA
SetEnvironmentVariableA
QueryPerformanceCounter
SleepEx
IsValidLocale
UnhandledExceptionFilter
GetCommandLineA
RtlUnwind
GetOEMCP

advapi32

RegOpenKeyW
AbortSystemShutdownW
CryptSetKeyParam
CryptReleaseContext
LogonUserW

user32

ReleaseCapture
GetClassNameA
DlgDirSelectExA
RegisterClassA
RegisterClassExA
EndDeferWindowPos
ScrollDC
LoadAcceleratorsW
GetMenuItemID
GetComboBoxInfo
GrayStringA
FillRect
SetWindowsHookExW
DestroyCaret
CharUpperW
CharUpperA
PtInRect
GetGuiResources
GetWindowLongA
LoadIconW
SetDlgItemInt
GetClassInfoExA
SetWinEventHook
FindWindowExW
ValidateRgn

comctl32

InitCommonControlsEx

gdi32

SetMagicColors
CopyEnhMetaFileW
CreateDIBitmap
PaintRgn
SaveDC
RestoreDC
GetWindowExtEx
CreateSolidBrush
UpdateICMRegKeyA
GetNearestPaletteIndex
GdiPlayDCScript
CreateBitmap
GetMetaFileBitsEx
GetWindowOrgEx
SetBkColor
GetBrushOrgEx
EnumFontFamiliesExA
BeginPath
UpdateColors
SetICMMode
EqualRgn

Sections

.text
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddc5aa38db93bd59d0cb9e4b14206783

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comctl32

gdi32

Sections

.text Size: 210KB - Virtual size: 209KB

.rdata Size: 8KB - Virtual size: 14KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 210KB - Virtual size: 209KB

.rdata
Size: 8KB - Virtual size: 14KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 10KB - Virtual size: 9KB