2a42dda598049093ff4baf030fd28a66_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2a42dda598049093ff4baf030fd28a66_JaffaCakes118
Size

256KB
MD5

2a42dda598049093ff4baf030fd28a66
SHA1

82f50eb7f396391d9e99872f751ecf772b4eea7f
SHA256

6a2295c7a05d115423ecfa49e97c0c2404edd70bc5fcb80caf49b913bd941e32
SHA512

84233a06db582a8540504eb03a2adb2a29bd55e5255eecaf02130e1315214fa387d7c698e7884e3cfedf128265b2c23775f7a2dc66d6a4ebd27842d720738b59
SSDEEP

3072:hfGW2tt+QJyamrADVR52fGftSHFP5RLmDRvViaSj3BxE9WME:hf63LyamxISj89K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a42dda598049093ff4baf030fd28a66_JaffaCakes118

Files

2a42dda598049093ff4baf030fd28a66_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eca21c4a1a5726dfe6f2c436b07dfa8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsWow64Process
CommConfigDialogW
GetConsoleCursorInfo
LocalUnlock
DebugBreak
GetPrivateProfileSectionW
MultiByteToWideChar
WriteProcessMemory
HeapValidate
GetDevicePowerState
CreateMutexW
SearchPathA
GetModuleHandleA
LoadLibraryA
lstrcmpA
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetModuleHandleW
ExitProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
SetFilePointer
GetFileType
SetHandleCount
ReadFile
CloseHandle
GetModuleFileNameA
GetStdHandle
WriteFile
Sleep
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA

imm32

ImmConfigureIMEA
ImmIsIME
ImmGetDefaultIMEWnd
ImmSetOpenStatus
ImmGetOpenStatus
ImmGetCandidateListCountW
ImmGetCompositionStringW
ImmSetCompositionFontW
ImmSetCandidateWindow
ImmGetCandidateListA
ImmConfigureIMEW
ImmSetCompositionWindow
ImmGetConversionListA
ImmGetDescriptionW
ImmIsUIMessageW
ImmGetContext
ImmSetCompositionFontA
ImmGetCompositionFontA
ImmDestroyContext
ImmGetCompositionWindow
ImmEscapeW
ImmGetImeMenuItemsW
ImmEnumRegisterWordW

msi

ord71
ord261
ord215
ord10
ord223
ord109
ord136
ord126
ord95
ord227
ord7
ord259
ord209
ord204
ord81
ord190
ord66
ord194
ord205
ord93
ord243
ord195
ord59
ord154
ord180
ord252
ord130
ord179
ord173
ord212
ord275
ord43
ord55
ord217
ord244
ord189
ord60
ord193
ord45
ord131
ord210
ord113
ord249
ord5
ord218
ord176
ord208
ord247
ord177
ord38
ord68
ord276
ord111
ord246
ord272
ord90
ord241
ord157
ord107
ord14
ord101
ord86
ord203
ord15
ord84
ord42
ord240
ord40
ord88
ord214

msimg32

GradientFill

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 194KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eca21c4a1a5726dfe6f2c436b07dfa8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

imm32

msi

msimg32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 194KB - Virtual size: 200KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 194KB - Virtual size: 200KB