Static task
static1
Behavioral task
behavioral1
Sample
2ad5672eefb3219623f7ed64cde4c8b5_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2ad5672eefb3219623f7ed64cde4c8b5_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
2ad5672eefb3219623f7ed64cde4c8b5_JaffaCakes118
Size
454KB
MD5
2ad5672eefb3219623f7ed64cde4c8b5
SHA1
e6e3be282a317e00e2f46fd3495d32b164104d54
SHA256
0a131c95efb310ec7f62f036bdd7f757597c5fb7347a7154cfe388514a24e53d
SHA512
68d11c646a00fce5d77c14ab2c24e66ea370adb941ef69335838bbb96a18a155985fa430d2110721178572e5de10e90d7d07ec0a8c8312c17d756f2f5f03fa5b
SSDEEP
12288:6rj3+pS1o6OrP491ATozxdDG1BdoD/Sl5CovCZPjf8DA:I7OToHGpoD/Sl5CovCFjSA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ad5672eefb3219623f7ed64cde4c8b5_JaffaCakes118
Files
2ad5672eefb3219623f7ed64cde4c8b5_JaffaCakes118.exe windows:4 windows x86 arch:x86
bfac9b595bc4ce5580d4c3f50d84ebc3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
DeleteAtom
HeapDestroy
CreateEventA
GetFullPathNameW
GetOEMCP
GetCurrencyFormatA
HeapAlloc
LoadLibraryA
GetVersionExW
VirtualFree
GetAtomNameA
ReadConsoleOutputAttribute
SetFileAttributesW
FreeEnvironmentStringsA
InterlockedExchange
TlsGetValue
CreateFileW
GetStringTypeW
GetVersion
GetFileAttributesExA
GetCommandLineA
GetACP
HeapCreate
GetCPInfo
SetConsoleCtrlHandler
LCMapStringA
GetFileType
GetStringTypeA
GetProcAddress
SetLocaleInfoW
GetStdHandle
HeapFree
VirtualAllocEx
FreeEnvironmentStringsW
GetMailslotInfo
LCMapStringW
VirtualQuery
UnhandledExceptionFilter
LeaveCriticalSection
WriteFile
GlobalFree
MultiByteToWideChar
GlobalDeleteAtom
GetLastError
HeapReAlloc
TlsSetValue
ExitProcess
GetStartupInfoA
SetLocaleInfoA
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
TlsAlloc
GetModuleHandleA
GetEnvironmentStrings
SetHandleCount
SetLastError
GetCurrentThreadId
RtlUnwind
InitializeCriticalSection
EnterCriticalSection
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
TlsFree
DeleteCriticalSection
GlobalCompact
GetTickCount
IsBadWritePtr
GetProfileIntA
GetCurrentThread
GetSystemTimeAsFileTime
WideCharToMultiByte
comdlg32
ChooseColorA
FindTextA
ReplaceTextW
PrintDlgA
ChooseFontA
GetOpenFileNameW
ReplaceTextA
PageSetupDlgW
GetSaveFileNameA
ChooseFontW
GetOpenFileNameA
PageSetupDlgA
PrintDlgW
ChooseColorW
wininet
SetUrlCacheEntryGroup
FtpSetCurrentDirectoryA
InternetSetDialState
InternetCreateUrlW
GetUrlCacheGroupAttributeA
FtpRenameFileA
DeleteUrlCacheEntryW
FindNextUrlCacheContainerA
FreeUrlCacheSpaceW
GopherOpenFileW
InternetCrackUrlA
LoadUrlCacheContent
FtpGetCurrentDirectoryA
InternetGoOnlineA
InternetGetConnectedStateExA
FtpGetFileW
InternetErrorDlg
FtpCreateDirectoryA
FtpPutFileW
FindNextUrlCacheEntryA
DetectAutoProxyUrl
InternetCheckConnectionA
advapi32
RegSetValueExA
RegRestoreKeyW
LookupSecurityDescriptorPartsA
LookupPrivilegeNameA
LookupAccountSidA
CryptAcquireContextW
RegEnumKeyA
LookupPrivilegeDisplayNameW
LookupPrivilegeDisplayNameA
RegLoadKeyW
RegCreateKeyExW
CryptDestroyKey
RegQueryValueExA
CryptDuplicateHash
DuplicateTokenEx
CryptGetProvParam
CryptEnumProvidersW
Sections
.text Size: 136KB - Virtual size: 135KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 305KB - Virtual size: 304KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ