Static task
static1
Behavioral task
behavioral1
Sample
11e5cf23cc4021d4411fb61630307698_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
11e5cf23cc4021d4411fb61630307698_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
11e5cf23cc4021d4411fb61630307698_JaffaCakes118
Size
643KB
MD5
11e5cf23cc4021d4411fb61630307698
SHA1
fd7ca1c681df0b5552623e44f33b7b5844eb920c
SHA256
06c2859eeaa7c515c6751a74222041f7b91f6d9eae47703174c950228b5bd6b9
SHA512
f58aa662eacb48bae9729e534aa4559eb2803a98d84d1ff465402dda5210e25dbb83904bc67aa0df4599d64e4b289c8946a92e3c81b3a424c3071501d94d68bb
SSDEEP
6144:HqDRlRtK03Kr79fGIk0IvoaK1f7W8DM+UAMBhPzptzU2aCP5y/2hC:HYRlRkOa7pG0rPbDwhrnzBaCBlhC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 11e5cf23cc4021d4411fb61630307698_JaffaCakes118
Files
11e5cf23cc4021d4411fb61630307698_JaffaCakes118.exe windows:4 windows x86 arch:x86
245459f8c8d0d896355a0795220fa664
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FindFirstFileW
GetPrivateProfileSectionW
CreateDirectoryA
LoadLibraryExA
SetVolumeLabelA
GetProfileIntA
ReadConsoleOutputA
GetVersion
ReadDirectoryChangesW
GetComputerNameW
CompareStringW
GetModuleFileNameW
OpenMutexA
LoadResource
_lopen
SetThreadPriorityBoost
SetEndOfFile
ExitProcess
GlobalReAlloc
ReleaseMutex
IsDBCSLeadByteEx
LocalLock
CreateEventA
SetSystemTime
MoveFileW
GetProcessHeap
GetACP
GetSystemTimeAdjustment
GetOEMCP
SetThreadLocale
gdi32
EndDoc
GetRgnBox
PathToRegion
SetBitmapDimensionEx
SetPixelFormat
GetClipRgn
comdlg32
ReplaceTextA
GetOpenFileNameW
ole32
OleSetMenuDescriptor
CoRegisterMallocSpy
OleSaveToStream
CoLockObjectExternal
ws2_32
WSAConnect
gethostbyaddr
ntohl
getservbyname
WSAGetServiceClassInfoW
select
WSALookupServiceNextW
WSAAccept
WSASetBlockingHook
WSASetLastError
shell32
SHGetPathFromIDListA
SHAddToRecentDocs
SHGetSpecialFolderLocation
ShellExecuteA
user32
SystemParametersInfoW
SendDlgItemMessageA
IsDialogMessageW
MapVirtualKeyExW
GetClassNameA
IsCharLowerW
SetParent
CloseClipboard
ChangeMenuA
GetMessageExtraInfo
LoadKeyboardLayoutA
EmptyClipboard
advapi32
CryptExportKey
OpenEventLogW
OpenSCManagerW
NotifyBootConfigStatus
QueryServiceConfigA
AllocateAndInitializeSid
InitiateSystemShutdownA
GetSidLengthRequired
AccessCheckAndAuditAlarmW
SetTokenInformation
LookupPrivilegeDisplayNameA
ControlService
MakeSelfRelativeSD
RegEnumValueA
CryptReleaseContext
msvcrt
wcslen
fputc
_ismbblead
remove
_spawnlp
_open
iswprint
_stricmp
strncmp
strtod
_strnicmp
wcscpy
abort
swscanf
setbuf
_write
wcstombs
isupper
iswxdigit
_wstrtime
_mbsicmp
_wopen
__doserrno
_ltow
ceil
__p___argc
putchar
Sections
.text Size: 304KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 323KB - Virtual size: 323KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ