Static task: static1
Behavioral task: behavioral1
Sample: 2bc32da105d93f04dfa13d50e9df6626_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2bc32da105d93f04dfa13d50e9df6626_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 2bc32da105d93f04dfa13d50e9df6626_JaffaCakes118
Size: 249KB
MD5: 2bc32da105d93f04dfa13d50e9df6626
SHA1: b3482fad192fc5fdb23339df5b3f34d05f949251
SHA256: 1dc9ac86134d95ee6349c54934a74e34a1cbc14b31acfa2754f63c85db85009a
SHA512: 84a702cd5527cbfc2b598f0fad922ea1f784699ac8894d942f6e1dd7c5119fc999506f3110f0f75b3c957c2ab6d50c48d4bf5913566053ffefb91131e7184aca
SSDEEP: 6144:TlkWSGw2F8pmoRTSpJO6yWGxHd+RV+BfHnanAtDBgKHKZMWB:T4l2F8woRTSpJ1Gx9+WNHWA3gV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2bc32da105d93f04dfa13d50e9df6626_JaffaCakes118
Files
2bc32da105d93f04dfa13d50e9df6626_JaffaCakes118.exe windows:4 windows x86 arch:x86
32d3bcbb0bd540dc4a1d0ef4d3161c09
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareStringW
FoldStringW
HeapDestroy
FlushViewOfFile
RtlUnwind
GetLocaleInfoW
DeleteCriticalSection
GetCurrentProcess
GetEnvironmentStrings
VirtualAlloc
IsBadWritePtr
GetVersionExA
HeapReAlloc
GetCPInfo
LocalLock
GetACP
GetProcAddress
InitializeCriticalSection
GetModuleFileNameA
CompareStringA
GetLocaleInfoA
ExitProcess
EnumSystemLocalesA
GetLastError
GetStdHandle
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetEnvironmentStringsW
SetConsoleCursorPosition
GetSystemInfo
QueryPerformanceCounter
TlsFree
LCMapStringW
AddAtomW
LCMapStringA
SetLastError
WaitForSingleObjectEx
HeapAlloc
GetCurrentThread
HeapFree
ReadConsoleInputW
WideCharToMultiByte
GetCurrentProcessId
GetModuleHandleW
GetOEMCP
WriteFile
MultiByteToWideChar
GetStringTypeW
SetVolumeLabelW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileSize
UnhandledExceptionFilter
LeaveCriticalSection
FindResourceExA
UnlockFileEx
VirtualProtect
VirtualFree
TlsSetValue
SetSystemTime
GetLongPathNameA
IsValidLocale
lstrcpynA
VirtualAllocEx
GetVolumeInformationW
GetStringTypeA
GetProcAddress
FreeEnvironmentStringsW
GetCommandLineA
SetEnvironmentVariableA
HeapCreate
InterlockedExchange
GetTimeFormatA
TlsGetValue
GetDateFormatA
VirtualQuery
TlsAlloc
SetHandleCount
CreateProcessW
HeapSize
GetCurrentThreadId
GetTimeZoneInformation
MoveFileExA
TerminateProcess
EnterCriticalSection
GetUserDefaultLCID
SetConsoleTitleA
GetModuleHandleA
IsValidCodePage
GetFileType
wininet
ShowX509EncodedCertificate
InternetGetConnectedState
FtpOpenFileA
InternetSetDialState
FindNextUrlCacheContainerW
GetUrlCacheConfigInfoA
InternetCombineUrlW
InternetQueryOptionA
RetrieveUrlCacheEntryStreamW
DeleteUrlCacheEntryW
FtpDeleteFileW
FtpCommandA
shell32
DragAcceptFiles
ExtractAssociatedIconExW
SHAddToRecentDocs
SHFileOperationW
ShellAboutW
SHLoadInProc
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 134KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ