ef525922a2b3c20e2a506b2ad8c6b0ea_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef525922a2b3c20e2a506b2ad8c6b0ea_JaffaCakes118
Size

182KB
MD5

ef525922a2b3c20e2a506b2ad8c6b0ea
SHA1

c4b20ef247d130bf470bc89dec48aff026d4eab2
SHA256

6a52c7175acc9a89e9099cf564dac66982ace3d288be938a01a4cedd5b89e3ff
SHA512

d9853438184b7721a876fc5580d236e2090321a884fd1ab85da7a0f139f1629bd5cc081b454fa3a11eb3d3487f094230b282d6043d200b78f863426ebc6e9aa8
SSDEEP

3072:T4CWfOx7h7m1uaSlsK2sHFEpHTIA9xLrs0x7XgUh4lYEYQ/D7//vDwRuv:TbuOx7o1uH2sHgT5Lj7SlYlO//vERc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef525922a2b3c20e2a506b2ad8c6b0ea_JaffaCakes118

Files

ef525922a2b3c20e2a506b2ad8c6b0ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daf37770d503e33969d1b79f6a676565

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipGetImageWidth
GdipDisposeImage

advapi32

RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
EncryptFileW
DecryptFileW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

user32

GetGUIThreadInfo
AllowSetForegroundWindow
GetPropW
GetWindowThreadProcessId
GetClassNameW
GetForegroundWindow

ole32

CoGetDefaultContext
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

kernel32

UnmapViewOfFile
LoadLibraryW
EncodePointer
IsWow64Process
GetProcessId
GetFileAttributesW
GetCalendarInfoW
GetProcAddress
OutputDebugStringW
InterlockedCompareExchange
FindNextFileW
CreateFileMappingW
lstrcmpiW
VirtualProtect
SetEnvironmentVariableW
QueryPerformanceCounter
DuplicateHandle
InterlockedExchange
CreateDirectoryW
GetModuleFileNameW
GetLogicalDriveStringsW
MultiByteToWideChar
GetCurrentDirectoryW
QueryDosDeviceW
LocalFree
GetFileSizeEx
SetFileAttributesW
EnumResourceNamesA
WideCharToMultiByte
GetSystemTimeAsFileTime
FindFirstFileW
LocalAlloc
SetLastError
ExitProcess
Sleep
FindClose
MapViewOfFile
EnterCriticalSection
FreeLibrary
GetTickCount
InitializeCriticalSection
GetLastError
UnhandledExceptionFilter
GetModuleHandleA
GetModuleHandleW
ReleaseMutex
GetFileInformationByHandle
OutputDebugStringA
VirtualQuery
SearchPathW
WaitForSingleObject
lstrlenW
GetCurrentProcess
GetCurrentThreadId
OpenProcess
SetUnhandledExceptionFilter
CreateMutexW

shlwapi

PathIsUNCW
StrDupW
SHRegGetValueW
PathGetArgsW
PathSkipRootW
PathFindFileNameW

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daf37770d503e33969d1b79f6a676565

Headers

File Characteristics

Imports

gdiplus

advapi32

user32

ole32

kernel32

shlwapi

Sections

.text Size: 100KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 2KB

.bss Size: 77KB - Virtual size: 76KB

.edata Size: 1024B - Virtual size: 376KB

.text
Size: 100KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 2KB

.bss
Size: 77KB - Virtual size: 76KB

.edata
Size: 1024B - Virtual size: 376KB