fa96a8921c37fd37022c5aecaa70531c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fa96a8921c37fd37022c5aecaa70531c_JaffaCakes118
Size

394KB
MD5

fa96a8921c37fd37022c5aecaa70531c
SHA1

b329a860be545fd2b4c2394c110e215e8630b5b6
SHA256

4523a7e3a6ed7ddd6d99087afad50f81a7e81a7e81928216eca61afb3a230f5c
SHA512

49f882fd597c727c791dad6c85a523eefbe759eddca22b6fbf3dc241c37a9a65dbfdd00f9073847a0b80695e3939bae5442a743f9ebe26dd369fae90dfd8bed3
SSDEEP

6144:XnkkLGLiMkyraDJOC96pdOmgO7UCSwW5VeA9tfZbRZXw/mibphLC8+ouDW:XnfLTFy+EHGVeiZ9ZXub3LCOuD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa96a8921c37fd37022c5aecaa70531c_JaffaCakes118

Files

fa96a8921c37fd37022c5aecaa70531c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c780959a458dfccdda5d4200bbb7ddc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegSaveKeyW
RegSaveKeyA
RegQueryValueW
RegEnumKeyA
CryptEncrypt
CreateServiceA
RegOpenKeyExA
RegConnectRegistryW
RegSetValueW
LookupSecurityDescriptorPartsW
CryptSetProviderExA
CryptVerifySignatureW
RegCreateKeyExA

gdi32

GetDeviceGammaRamp

shell32

SHQueryRecycleBinW
RealShellExecuteExA
SHGetSpecialFolderPathW
FindExecutableW
SHFreeNameMappings
SHFileOperation
ExtractAssociatedIconA
DragAcceptFiles
RealShellExecuteA
SHGetSpecialFolderPathA
FreeIconList
SHGetDataFromIDListA
SHInvokePrinterCommandA
ShellAboutA
SHAppBarMessage
SHEmptyRecycleBinA
SHGetInstanceExplorer
SHChangeNotify
SHAddToRecentDocs

wininet

InternetGetCookieW
InternetSetDialState
InternetSetDialStateA
SetUrlCacheHeaderData
InternetCreateUrlW
RetrieveUrlCacheEntryStreamA
SetUrlCacheEntryInfoW
SetUrlCacheConfigInfoW
InternetSetOptionW
InternetOpenUrlW
DeleteIE3Cache
InternetInitializeAutoProxyDll
GopherGetAttributeW
UnlockUrlCacheEntryFileW
FtpGetFileSize
InternetTimeFromSystemTime
HttpSendRequestW
FindFirstUrlCacheEntryA
GopherCreateLocatorW
InternetCheckConnectionA

kernel32

GetDiskFreeSpaceExW
HeapReAlloc
GetNamedPipeInfo
FindNextFileW
RtlUnwind
GetVolumeInformationA
GetFullPathNameA
GetThreadPriority
LoadLibraryA
RtlMoveMemory
GetModuleFileNameA
GetCurrentProcessId
GetConsoleCP
VirtualAlloc
DeleteFiber
GetProcAddress
InterlockedExchangeAdd
GetPrivateProfileIntW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetLongPathNameA
GetTickCount
lstrlenA
HeapAlloc
ExitProcess
ReadConsoleOutputCharacterW
InterlockedIncrement
GetModuleHandleA
QueryPerformanceCounter
GetUserDefaultLangID
InterlockedExchange
VirtualQuery
HeapFree
GetSystemTimeAsFileTime
SetFileAttributesW
RemoveDirectoryW
MoveFileW

comdlg32

GetFileTitleW
PrintDlgW
GetOpenFileNameA
ReplaceTextA
ReplaceTextW
FindTextA
ChooseColorA
FindTextW
ChooseColorW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c780959a458dfccdda5d4200bbb7ddc1

Headers

File Characteristics

Imports

advapi32

gdi32

shell32

wininet

kernel32

comdlg32

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: 264KB - Virtual size: 263KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: 264KB - Virtual size: 263KB

.rsrc
Size: 11KB - Virtual size: 10KB