2b9e99b092c421667bedad1459fb75fb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b9e99b092c421667bedad1459fb75fb_JaffaCakes118
Size

71KB
MD5

2b9e99b092c421667bedad1459fb75fb
SHA1

4a676eebbc82b5149cdb016b59e70e977ad4548a
SHA256

f05c2ed20436834fa4d63b80e575e025fe53407fe76752c0230dccb02ff9f102
SHA512

8bd614e4abe1a28b36046ec8b83165dde3c4aeb3bcf89b13cec88c9a00e4578c4d5a8d50569825c85978bacd4cff9572785b47e4e8592c76f9c92b90e08de328
SSDEEP

1536:RbvO2TgylH7mEUPnFeU7JQ9wAM5Dt+FWZf9d7hS3:RbWqfH7cfF777AM5IEf963

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b9e99b092c421667bedad1459fb75fb_JaffaCakes118

Files

2b9e99b092c421667bedad1459fb75fb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3dd27bc15df2286167f078ee9926935b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

modemui

drvCommConfigDialogA
CountryRunOnce
drvGetDefaultCommConfigA

msimg32

vSetDdrawflag
TransparentBlt
GradientFill
AlphaBlend

shlwapi

UrlCombineA
UrlIsNoHistoryW
UrlUnescapeA
UrlCanonicalizeA
UrlHashA
UrlEscapeA
UrlIsOpaqueA
PathCombineA
UrlCreateFromPathA
UrlIsA
PathCompactPathA

user32

IsDialogMessageA
DrawIcon
DialogBoxParamA
LoadCursorA
GetWindowLongA
GetPropA
GetCaretPos
LoadImageA
PostMessageA
IsWindow
SetCursorPos
DispatchMessageA

advapi32

ControlService
RegEnumValueA
IsValidSid
RegFlushKey
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
IsTextUnicode
RegQueryValueA
CreateServiceA
InitializeSid
IsValidSecurityDescriptor
ClearEventLogA
RegDeleteValueA

nddeapi

NDdeShareAddA
NDdeShareSetInfoA
NDdeShareGetInfoA

kernel32

GetGeoInfoA
ReadFile
GetConsoleTitleA
GetModuleHandleA
GetPrivateProfileIntA
GetDateFormatA
GetProcessId
FormatMessageA
lstrcpynA
HeapValidate
GetStringTypeA
DeviceIoControl
GetBinaryTypeW
GetPrivateProfileStructW
VirtualAllocEx
GetComputerNameA
SetFilePointer
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentProcess
WaitForSingleObject
GetNumberFormatW
GetTimeFormatA
GetVersionExA
CloseHandle
GetProcessHeap
CreateDirectoryA
GetFullPathNameA
CreateNamedPipeA

certcli

CAEnumFirstCA
CACloseCA
CADeleteCA
CACloseCertType

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dd27bc15df2286167f078ee9926935b

Headers

DLL Characteristics

File Characteristics

Imports

modemui

msimg32

shlwapi

user32

advapi32

nddeapi

kernel32

certcli

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 881B

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 881B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 11KB - Virtual size: 10KB