0ae07c211d7bc1cd2b8a2aa68ea56b6b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ae07c211d7bc1cd2b8a2aa68ea56b6b_JaffaCakes118
Size

438KB
MD5

0ae07c211d7bc1cd2b8a2aa68ea56b6b
SHA1

6b7e5be1ad097af35e641c99257c272176394e4f
SHA256

12d762aced9c0b5306f7bf6978e50e874c96369459a5500a3e2203c936248a4e
SHA512

161b82f279b1e9e527a58ea5c9a287924d52aa649ff28ed47641df6a7d3c1e33309336ee3c73b2a76f0e72666c1209945c39a79c0434f547f9e38329e4a5c35c
SSDEEP

12288:0tDRUsjqfVd9Rl5K3+q8xXoqZ4iAAg/2H:OYfVD5c+q8WwZg/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ae07c211d7bc1cd2b8a2aa68ea56b6b_JaffaCakes118

Files

0ae07c211d7bc1cd2b8a2aa68ea56b6b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c354ab63b7962d915baf7c3d70f5bc46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptSetKeyParam
CryptEnumProviderTypesW
RegSetValueW
CryptReleaseContext
RegEnumKeyExA
CryptAcquireContextW
CryptDuplicateKey
CryptSetProviderExA
RegQueryValueExW
CryptGetDefaultProviderW
RegEnumValueA
RegSetValueA
RegLoadKeyA
CryptSignHashA
CryptGetKeyParam
ReportEventA
RegQueryInfoKeyA
CryptGetHashParam
CryptDuplicateHash
RegEnumKeyA
ReportEventW

wininet

InternetGetConnectedState
FindFirstUrlCacheGroup
HttpOpenRequestA
ShowCertificate
InternetWriteFileExW
FindNextUrlCacheContainerW
FtpOpenFileA
FtpSetCurrentDirectoryW
FtpPutFileW
InternetAttemptConnect
InternetFindNextFileA
ReadUrlCacheEntryStream

user32

wvsprintfA
MenuItemFromPoint
SetClassWord
EndTask
SendInput

comdlg32

ReplaceTextA
PrintDlgW
ChooseColorA
GetSaveFileNameA
ChooseColorW

kernel32

GetACP
TerminateProcess
CreateThread
RtlUnwind
MoveFileA
GetStdHandle
CreateProcessW
GetDateFormatA
LoadLibraryA
DeleteCriticalSection
FreeEnvironmentStringsA
HeapDestroy
GetStringTypeW
HeapSize
LCMapStringA
IsValidCodePage
GetLastError
GetSystemInfo
GetCommandLineA
HeapReAlloc
ExitProcess
GetFileAttributesExA
ReadConsoleOutputCharacterA
GetCurrentProcessId
LockFileEx
GetModuleFileNameA
GetModuleFileNameW
GetOEMCP
QueryPerformanceCounter
CompareStringA
EnumSystemCodePagesA
SetHandleCount
HeapCreate
GetCurrentThreadId
GetProcAddress
EnterCriticalSection
GetCurrentThread
SetEnvironmentVariableA
GetFileType
WaitForSingleObject
LCMapStringW
GetTickCount
FreeEnvironmentStringsW
IsValidLocale
lstrcmpA
TlsGetValue
GetLocaleInfoW
GetTimeFormatA
GetModuleHandleA
SetLastError
lstrcatA
WideCharToMultiByte
GetVersionExA
IsBadWritePtr
GetUserDefaultLCID
VirtualAlloc
GetCommandLineW
EnumSystemLocalesW
VirtualFree
OutputDebugStringA
HeapAlloc
InterlockedExchange
InitializeCriticalSection
GetStringTypeA
MultiByteToWideChar
TlsSetValue
TlsFree
GetStartupInfoA
CompareStringW
EnumSystemLocalesA
WriteConsoleA
UnhandledExceptionFilter
VirtualQuery
GetEnvironmentStringsW
GetStartupInfoW
GetEnvironmentStrings
EnumCalendarInfoExA
WriteFile
ReleaseSemaphore
GetLocaleInfoA
DeleteFileW
TlsAlloc
HeapFree
GetPriorityClass
GetSystemTimeAsFileTime
GetCPInfo
GetCurrentProcess
VirtualProtect
GetTimeZoneInformation
LeaveCriticalSection

shell32

SHUpdateRecycleBinIcon
SHInvokePrinterCommandA
ShellExecuteEx
SHInvokePrinterCommandW
SHGetPathFromIDListA

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c354ab63b7962d915baf7c3d70f5bc46

Headers

File Characteristics

Imports

advapi32

wininet

user32

comdlg32

kernel32

shell32

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 307KB - Virtual size: 307KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 307KB - Virtual size: 307KB

.rsrc
Size: 4KB - Virtual size: 4KB