16bbbeac556b489acb5e60631678da80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16bbbeac556b489acb5e60631678da80_JaffaCakes118
Size

468KB
MD5

16bbbeac556b489acb5e60631678da80
SHA1

843f48d21407f1658c21589e7189ae3a55c1cbbf
SHA256

d27cf8ec606d375ddc902da1a3d24afb8fa2c1f57a278719afefe01a2461b5bf
SHA512

ed204a936d4dc1766be8fd59d4796aaed5b5901cbd4a876f5c5f161c0b6c50e51d92551fd5009ead747ee032c119604915721b217ff1e13c78863ad9fdb3cc57
SSDEEP

12288:5LWgMgWrqFGN9/03GxmQL5J5i/i7zNEmhT3P7HlPyU4+mE:YuAZB5dP7HdyXd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16bbbeac556b489acb5e60631678da80_JaffaCakes118

Files

16bbbeac556b489acb5e60631678da80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fb9b1d29bdf22f52586eed8aeb336f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CascadeWindows
ScreenToClient
DdeReconnect

comdlg32

FindTextW
GetSaveFileNameA

wininet

InternetShowSecurityInfoByURLA
ShowSecurityInfo
RetrieveUrlCacheEntryFileW
GopherCreateLocatorA
InternetConfirmZoneCrossingW
FindNextUrlCacheContainerW
FtpRenameFileA
InternetQueryDataAvailable

advapi32

CryptEnumProvidersA
CryptSetProviderExW
CreateServiceW
RegLoadKeyW
InitializeSecurityDescriptor
RegFlushKey
GetUserNameW
CryptSetProviderW
LogonUserW
RegQueryMultipleValuesA
LookupAccountSidW
CryptGenKey
LookupPrivilegeNameW
RegSetValueExA

kernel32

GetProcessHeap
GetStartupInfoA
GetLastError
GetModuleFileNameW
GetVersionExA
GetStringTypeW
GetACP
InterlockedIncrement
GetOEMCP
GetModuleHandleA
GetTickCount
LCMapStringA
GetFileType
lstrcpynA
GetCommandLineW
WriteFile
GetCPInfo
IsValidLocale
lstrlenA
FlushInstructionCache
GetStringTypeA
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetDateFormatA
GetCurrentThreadId
GetPrivateProfileSectionNamesW
SetHandleCount
GetCurrentProcessId
CreateThread
SetUnhandledExceptionFilter
HeapDestroy
CreateMutexW
GetCurrentProcess
GetCommandLineA
FreeResource
RtlUnwind
CloseHandle
TerminateProcess
HeapAlloc
GetDateFormatW
DeleteCriticalSection
VirtualAlloc
SetConsoleScreenBufferSize
EnterCriticalSection
WaitForMultipleObjectsEx
GetUserDefaultLCID
HeapSize
FreeEnvironmentStringsW
WideCharToMultiByte
FreeLibrary
SetEnvironmentVariableA
InterlockedExchange
MultiByteToWideChar
HeapReAlloc
Sleep
SetLastError
GetSystemTimeAsFileTime
InterlockedDecrement
VirtualQuery
GetStartupInfoW
EnumSystemLocalesA
TlsFree
OpenEventA
VirtualFree
GetStdHandle
TransmitCommChar
LCMapStringW
QueryPerformanceCounter
ExitProcess
InitializeCriticalSection
LeaveCriticalSection
CompareStringW
HeapFree
GetLocaleInfoW
GetTimeZoneInformation
TlsSetValue
LocalFlags
IsDebuggerPresent
TlsGetValue
IsValidCodePage
GetLocaleInfoA
GetCurrentThread
GetEnvironmentStrings
CompareStringA
GetTimeFormatA
FindResourceExA
HeapCreate
GetModuleFileNameA
UnhandledExceptionFilter
CompareFileTime
SetConsoleCtrlHandler
GetProcAddress
LockResource
IsBadReadPtr
TlsAlloc

gdi32

GetRandomRgn

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fb9b1d29bdf22f52586eed8aeb336f3

Headers

File Characteristics

Imports

user32

comdlg32

wininet

advapi32

kernel32

gdi32

Sections

.text Size: 147KB - Virtual size: 146KB

.data Size: 311KB - Virtual size: 311KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 147KB - Virtual size: 146KB

.data
Size: 311KB - Virtual size: 311KB

.rsrc
Size: 9KB - Virtual size: 8KB