ec10b76ad61dac116a0823c7d29fe783_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec10b76ad61dac116a0823c7d29fe783_JaffaCakes118
Size

517KB
MD5

ec10b76ad61dac116a0823c7d29fe783
SHA1

706e6ce5df2654dc494adc622b698afa3b41c556
SHA256

5499406d623eef99ff8b1dd292c8d4ce85cedd5692a414c35c333b3e09daf6ac
SHA512

68e83615645f9fe7257b197654ebf8f2649c5fa86d8e1bf75cc3f9ca42edde1506f7be270b477ea754b64537815f27593245c7b84cb6c8a5ba0aa18683563d99
SSDEEP

12288:0V0+LmjFW3Yj4RLhbtEy2luqhqJZzv19tfT:0O+LwHuOyUhqHvl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec10b76ad61dac116a0823c7d29fe783_JaffaCakes118

Files

ec10b76ad61dac116a0823c7d29fe783_JaffaCakes118
.exe windows:4 windows x86 arch:x86

faf3c20ede282f65e34dcf95613f78ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

ClipCursor
InvalidateRect
SetThreadDesktop
GetClipboardViewer
ScrollWindow
SetWindowPlacement
SendMessageA
GetQueueStatus
SetWindowRgn
EnumDisplayDevicesW
DrawCaption
mouse_event
GrayStringA
GetWindowDC
EmptyClipboard
SetParent
ToUnicodeEx
UnhookWindowsHook
GetMessageTime
LoadImageW
RemovePropW
InsertMenuW
GetWindowRect
GetKeyboardLayout
IsZoomed
IntersectRect
MoveWindow
DefDlgProcA
GrayStringW
LookupIconIdFromDirectory

ws2_32

WSAAccept
WSADuplicateSocketA
WSASocketW
WSAAsyncGetProtoByNumber
WSALookupServiceNextW
WSACleanup
WSAConnect
WSASendDisconnect

kernel32

CompareStringW
FatalAppExitA
SetCommTimeouts
SetConsoleTitleA
ReadDirectoryChangesW
GetCommandLineW
lstrcmpiW
ClearCommBreak
EnumResourceNamesW
DebugBreak
FindResourceExW
SetConsoleOutputCP
GetVolumeInformationW
CompareStringA
EnumDateFormatsW
CreateIoCompletionPort
RemoveDirectoryA
ExitProcess
GetUserDefaultLCID
FormatMessageA
GetConsoleCursorInfo
WritePrivateProfileSectionW
GetModuleHandleA
MoveFileW
DeleteCriticalSection
ReleaseSemaphore
OutputDebugStringW
MoveFileExA
GetSystemInfo
SetCommMask
DeleteFiber
IsBadStringPtrA
EnumSystemCodePagesW
GetWindowsDirectoryA
GetVersion
GlobalDeleteAtom
IsDBCSLeadByteEx
WritePrivateProfileStringW
SwitchToFiber
LocalReAlloc
GetModuleFileNameW
GetSystemDirectoryW
SetStdHandle
_lopen
ReleaseMutex
CreateWaitableTimerA
SetErrorMode
CreateMutexA

advapi32

AbortSystemShutdownW
AllocateAndInitializeSid
LogonUserW
BuildSecurityDescriptorW
LookupAccountSidA
CryptDeriveKey
CryptCreateHash
ObjectDeleteAuditAlarmW
GetUserNameA
SetSecurityDescriptorSacl
ChangeServiceConfigW
GetSidIdentifierAuthority
CryptGetKeyParam
ImpersonateLoggedOnUser
SetKernelObjectSecurity
SetSecurityDescriptorDacl
AddAce
GetServiceDisplayNameW
AddAccessDeniedAce
RegQueryValueExA
ReportEventA

msvcrt

mktime
fopen
wcsncmp
_wfopen
realloc
_wgetcwd
_kbhit
_wcslwr
_beginthreadex
freopen
fwrite
strftime
setlocale
srand
_waccess

Sections

.text
Size: 5KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faf3c20ede282f65e34dcf95613f78ba

Headers

File Characteristics

Imports

user32

ws2_32

kernel32

advapi32

msvcrt

Sections

.text Size: 5KB - Virtual size: 221KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 264KB - Virtual size: 264KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 5KB - Virtual size: 221KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 16KB - Virtual size: 16KB