1471686a3b83acc2853f9b5dc22eb0c5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1471686a3b83acc2853f9b5dc22eb0c5_JaffaCakes118
Size

464KB
MD5

1471686a3b83acc2853f9b5dc22eb0c5
SHA1

3c80c63c939486e36ce694ddfb2bd09e15ad02b2
SHA256

f6c76a104273e8f004b5d892676d92532cad918126afa72efb2dbf7ed99ea7cb
SHA512

32116c5ad64acd6eeb342c1380df65b99c4696b613a843a01461f2428df547ef15168a8053e07de70496035e438002f07114b4732593cd52d9c7dbd309c6a4bd
SSDEEP

12288:svWTA/BbLErW3NiJEAlKEgp/ICrAyQ58q1X9udN2:nTAf3M6ANehrAyQR1Xeo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1471686a3b83acc2853f9b5dc22eb0c5_JaffaCakes118

Files

1471686a3b83acc2853f9b5dc22eb0c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de93bbdfe6c213db8599079de252b6c1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ReplaceTextA
PrintDlgA
ChooseColorA
GetFileTitleA
PageSetupDlgA
ReplaceTextW
PrintDlgW
GetSaveFileNameA
ChooseColorW
GetOpenFileNameW
FindTextA
GetOpenFileNameA
LoadAlterBitmap

user32

GetClipboardSequenceNumber
SetActiveWindow

advapi32

RegFlushKey
CryptCreateHash
RegRestoreKeyA
RegRestoreKeyW
CryptSetProvParam
CryptSetHashParam
RegOpenKeyA
RegEnumValueA
RegCreateKeyExA
CryptEncrypt
CryptEnumProviderTypesW
RegOpenKeyW
RegSaveKeyW
RegQueryValueExW
RegEnumKeyW
LookupSecurityDescriptorPartsA
RegDeleteKeyA
RegSetKeySecurity
RegEnumKeyExW
CryptHashSessionKey

wininet

ReadUrlCacheEntryStream
FindNextUrlCacheGroup
InternetCloseHandle
InternetQueryFortezzaStatus
InternetGetConnectedStateEx
InternetSetOptionExA
FtpPutFileEx
HttpSendRequestExA
FindNextUrlCacheContainerW
FindFirstUrlCacheEntryExW
DeleteUrlCacheEntryW
LoadUrlCacheContent
SetUrlCacheEntryInfoA
InternetSetCookieW
InternetCombineUrlW
SetUrlCacheGroupAttributeW
HttpAddRequestHeadersW
UnlockUrlCacheEntryFileA
CommitUrlCacheEntryW
DeleteUrlCacheEntry
InternetDialW
FindFirstUrlCacheEntryW
InternetInitializeAutoProxyDll

kernel32

InterlockedIncrement
GetCalendarInfoW
GetOEMCP
TlsFree
GetTempPathW
SetUnhandledExceptionFilter
HeapDestroy
GetModuleHandleA
GetCurrentThreadId
GetEnvironmentStrings
GetCurrentProcessId
GetVolumeInformationA
InitializeCriticalSection
MultiByteToWideChar
GetCPInfo
CompareStringA
Sleep
GetProcAddress
WriteFile
GetCurrentProcess
GetStringTypeW
GetProcessHeap
TlsGetValue
SetConsoleCP
GetACP
HeapSize
FreeEnvironmentStringsA
GetUserDefaultLCID
TerminateProcess
GetTimeFormatA
GetEnvironmentStringsA
IsValidLocale
GetSystemTimeAsFileTime
IsValidCodePage
GetTickCount
FreeLibrary
GetLocaleInfoW
HeapLock
WriteFileEx
WriteConsoleOutputCharacterA
GetVersionExA
LocalReAlloc
HeapReAlloc
SetLastError
GetLocaleInfoA
UnhandledExceptionFilter
GetCommandLineA
LeaveCriticalSection
FindResourceW
CompareStringW
LoadLibraryA
TlsSetValue
SetHandleCount
GetFileType
GetEnvironmentStringsW
TlsAlloc
WriteProfileSectionW
GetStringTypeA
GetStdHandle
VirtualFree
GetNamedPipeHandleStateA
CreateEventW
EnterCriticalSection
ExitProcess
GetTimeZoneInformation
HeapCreate
VirtualQuery
HeapAlloc
LocalFlags
VirtualAlloc
InterlockedExchange
HeapFree
GetStartupInfoA
EnumSystemLocalesA
TerminateThread
GetModuleFileNameA
RtlUnwind
SetEnvironmentVariableA
DeleteCriticalSection
SetConsoleCtrlHandler
IsDebuggerPresent
LCMapStringA
WideCharToMultiByte
InterlockedDecrement
LCMapStringW
QueryPerformanceCounter
GetLastError
GetDateFormatA
FreeEnvironmentStringsW
GetCurrentThread

shell32

RealShellExecuteExA
SHGetDiskFreeSpaceA
SHAddToRecentDocs
SHEmptyRecycleBinA
ShellExecuteEx
ExtractIconExW
ExtractIconExA
SHGetDataFromIDListA
SHBrowseForFolder
SHGetNewLinkInfo
ExtractIconA
SHGetFileInfoA
CommandLineToArgvW
SHGetDataFromIDListW
SHGetPathFromIDList
DoEnvironmentSubstW
ExtractAssociatedIconExW
ShellExecuteExW
DragAcceptFiles
SHLoadInProc

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de93bbdfe6c213db8599079de252b6c1

Headers

File Characteristics

Imports

comdlg32

user32

advapi32

wininet

kernel32

shell32

Sections

.text Size: 138KB - Virtual size: 138KB

.data Size: 311KB - Virtual size: 310KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 138KB - Virtual size: 138KB

.data
Size: 311KB - Virtual size: 310KB

.rsrc
Size: 13KB - Virtual size: 13KB