e21c368d0be3fa9694baa296e48e9d44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e21c368d0be3fa9694baa296e48e9d44_JaffaCakes118
Size

572KB
MD5

e21c368d0be3fa9694baa296e48e9d44
SHA1

b8736c1647bdb80674270851d112aa496670d11b
SHA256

9632f79009a2b6e51cd9543c3b01733d7bcc6fa7934d4cfcb9f239f11e7f3fdd
SHA512

7ad8e99936852937476d82d543c35ef23ee3873311c7acd3e28dd59cff2449d3abf8b0b18a07756c13ff3e56af44834cfd3d3a884847b348675310d7f5cdcb02
SSDEEP

12288:RpM5kmEpjJEZ8jqVeJ4qIRZ7tAVXbe6M93+/veS:RpMWUeUeWbRLAR498vl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e21c368d0be3fa9694baa296e48e9d44_JaffaCakes118

Files

e21c368d0be3fa9694baa296e48e9d44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5390a0ac1a862ec3b3f67bd3edf36718

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

RetrieveUrlCacheEntryStreamW
InternetErrorDlg
HttpCheckDavCompliance
FtpSetCurrentDirectoryA
SetUrlCacheConfigInfoW
GetUrlCacheGroupAttributeA
InternetTimeFromSystemTimeW
InternetInitializeAutoProxyDll

kernel32

HeapSize
GetCurrentThread
WriteConsoleA
CompareStringW
InterlockedDecrement
SetEnvironmentVariableA
InitializeCriticalSection
TlsGetValue
InterlockedExchange
CreateFileA
GetTimeZoneInformation
GetStringTypeW
CompareStringA
GetDateFormatA
EnumDateFormatsExW
HeapCreate
GetCurrentProcessId
GetStartupInfoA
LoadLibraryA
GetACP
GetTimeFormatA
FlushFileBuffers
GetVersionExA
GetCommandLineA
UnhandledExceptionFilter
FreeLibrary
DeleteCriticalSection
WriteConsoleW
GetPrivateProfileSectionA
HeapReAlloc
GetModuleHandleA
GetStdHandle
FreeEnvironmentStringsW
TerminateProcess
LeaveCriticalSection
GetCurrentThreadId
SetUnhandledExceptionFilter
DuplicateHandle
IsValidLocale
FreeEnvironmentStringsA
EnterCriticalSection
WideCharToMultiByte
HeapDestroy
LCMapStringW
EnumSystemLocalesA
GetConsoleOutputCP
HeapFree
TlsFree
FlushInstructionCache
InterlockedIncrement
OpenMutexA
GetLocaleInfoA
ReadConsoleOutputCharacterA
SetStdHandle
GetModuleFileNameW
GetTickCount
GetModuleFileNameA
GetFileType
GetCPInfo
SetHandleCount
CreateMutexA
GetLocaleInfoW
CloseHandle
GetOEMCP
SetTimeZoneInformation
TlsAlloc
GetStartupInfoW
VirtualQuery
ReadFile
VirtualFree
GetEnvironmentStringsW
TlsSetValue
MultiByteToWideChar
HeapAlloc
GetLastError
VirtualAlloc
GetEnvironmentStrings
SetFilePointer
GetProcAddress
GetCurrentProcess
LCMapStringA
RtlUnwind
GetUserDefaultLCID
GetConsoleMode
OpenWaitableTimerW
SetLastError
GetStringTypeA
WriteFile
IsValidCodePage
GetConsoleCP
GetCommandLineW
Sleep
SetConsoleCtrlHandler
QueryPerformanceCounter
GetWindowsDirectoryW
ExitProcess
IsDebuggerPresent
GetSystemTimeAsFileTime
GetProcessHeap

user32

ShowWindow
RegisterClipboardFormatA
RegisterClassExA
DragObject
RegisterClassA
CreateIconIndirect
IsDialogMessage
GetWindowThreadProcessId
GetAncestor
DefWindowProcW
GetDlgItemTextW
DestroyWindow
MessageBoxW
FindWindowW
RemovePropW
DrawStateA
OemKeyScan
CreateWindowExW

advapi32

CryptDuplicateHash
CreateServiceW
LookupPrivilegeValueA
CryptHashData
LookupAccountNameA
CryptGetUserKey
CryptGetDefaultProviderW
DuplicateToken
CryptSetHashParam
RegQueryInfoKeyA
CryptReleaseContext
CryptImportKey
CryptVerifySignatureW
LookupSecurityDescriptorPartsA
CryptExportKey
InitiateSystemShutdownA
LookupPrivilegeDisplayNameW
CryptDeriveKey
CryptContextAddRef
RegQueryValueA
CryptEncrypt
RegEnumValueA

shell32

SHGetDiskFreeSpaceA
SheSetCurDrive
DoEnvironmentSubstA

comctl32

ImageList_Duplicate
CreateToolbarEx
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_Read
ImageList_DragShowNolock
CreatePropertySheetPageA
InitCommonControlsEx
DrawStatusText
CreatePropertySheetPage
_TrackMouseEvent

Sections

.text
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5390a0ac1a862ec3b3f67bd3edf36718

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

comctl32

Sections

.text Size: 191KB - Virtual size: 190KB

.rdata Size: 207KB - Virtual size: 218KB

.data Size: 111KB - Virtual size: 111KB

.rsrc Size: 61KB - Virtual size: 61KB

.text
Size: 191KB - Virtual size: 190KB

.rdata
Size: 207KB - Virtual size: 218KB

.data
Size: 111KB - Virtual size: 111KB

.rsrc
Size: 61KB - Virtual size: 61KB