ea1e30bbce1cab56a77f6214fc4d9ad6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea1e30bbce1cab56a77f6214fc4d9ad6_JaffaCakes118
Size

83KB
MD5

ea1e30bbce1cab56a77f6214fc4d9ad6
SHA1

0b66d835a41b06a1265bf949554cc666b1002adc
SHA256

c83317891963c5b1e3893d95acc0e8efaaa8da2c9b87f16aeb2e0e1d37565e7c
SHA512

8f679c82b5cf4b303d6fb24ab6a45a088f57e7d2a16d92e6558e2de568951b4dff8357fa800e180041a8dcab5185fede6b1a7f299c789fb46040f463de3e3ba5
SSDEEP

1536:dPE+b851abHBUmBi6dZ1o0Tj+9Rggw1BRbFpCP7+2iBwRn1ee+U:v451OGmBdZ1rjGggCBlCPABw11EU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea1e30bbce1cab56a77f6214fc4d9ad6_JaffaCakes118

Files

ea1e30bbce1cab56a77f6214fc4d9ad6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8c56c75675269df8fb1b54b24565e5bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_ftol
swscanf
iswctype
_wcsupr
_wcsicmp
_fmode
_wfopen
fgetws
fclose
localeconv
_local_unwind2
towupper
wcscmp
wcscat
swprintf
wcsstr
wcslen
wcsncpy
wcsrchr
wcschr
wcscspn
??3@YAXPAX@Z
??2@YAPAXI@Z
_wtoi
wcscpy
wcsncat
wcsncmp
memmove

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey

kernel32

FreeLibrary
WideCharToMultiByte
GetLocalTime
FlushFileBuffers
LoadLibraryW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
GetDriveTypeW
DeviceIoControl
SetErrorMode
GetVolumeNameForVolumeMountPointW
GetVolumeInformationW
Sleep
GlobalHandle
GetFileAttributesExW
GetFileInformationByHandle
GetComputerNameW
SetEvent
OpenEventW
ExitThread
GetCommandLineW
CreateThread
GetSystemPowerStatus
GetVersionExW
GetModuleHandleA
GetStartupInfoA
SystemTimeToFileTime
GetCurrentProcess
FormatMessageW
GetLastError
GlobalLock
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalSize
GlobalAlloc
ReadFile
WriteFile
InterlockedIncrement
InterlockedDecrement
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrcpyW
CloseHandle
GetFileSize
CreateFileW
ReleaseMutex
lstrcatW
GetCurrentThreadId
lstrlenW
GetTimeFormatW
GetDateFormatW
WaitForSingleObject
lstrcpynW
SizeofResource
FindResourceW
lstrcmpiW
CompareStringW
ExpandEnvironmentStringsW
lstrcmpW

gdi32

GetStockObject

user32

LoadStringW
CharUpperW
SendMessageW
DestroyWindow
PostMessageW
DefWindowProcW
RegisterClassW
LoadCursorW
CreateWindowExW
SetTimer
KillTimer
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
MessageBoxW

ntdll

NtQueryInformationFile
NtQueryVolumeInformationFile
NtFsControlFile
NtWaitForSingleObject

comctl32

ord17

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoCreateInstanceEx
CLSIDFromString
ReleaseStgMedium
CoInitializeEx
CoRegisterClassObject

vssapi

ord5

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c56c75675269df8fb1b54b24565e5bf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ntdll

comctl32

shell32

ole32

vssapi

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 2KB - Virtual size: 50KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 2KB - Virtual size: 50KB

.rsrc
Size: 1KB - Virtual size: 1KB