2b4d7d3cca17c55d316f8311f4f3a30e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2b4d7d3cca17c55d316f8311f4f3a30e_JaffaCakes118
Size

270KB
MD5

2b4d7d3cca17c55d316f8311f4f3a30e
SHA1

21c5138d97ad8ad280c24b2ecc4bac9a0b242538
SHA256

06ca34c2ca545508b67275e37f40f5bc17e16526eeca4d14b722e8becf490b9f
SHA512

161ebe18bb5e881044e54f00ee4b920b0ab42da3d92037ea6ec3a79bd2ddd45889fce63f34ed505e2e193fcc4415d76aaa291e295fa38aa0ce23711cc8c7c9f3
SSDEEP

6144:KX9cO+15qeVhxGsU/Glp9Ksr3JrzCBjyqs+cJc:Kt45qOGsUOH9Ksr31WJyqs+cJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b4d7d3cca17c55d316f8311f4f3a30e_JaffaCakes118

Files

2b4d7d3cca17c55d316f8311f4f3a30e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

731523a5295adcf24b34c5fa1d7ec2f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadBitmapW
GetWindowLongA
InvalidateRect
CopyRect
DrawTextExW
SetWindowLongW
DrawFrame
DlgDirSelectExW
ChangeDisplaySettingsExA
OemToCharW
RegisterClassExA
DdeDisconnectList
DdeConnectList
GetDC
InvalidateRgn
DefMDIChildProcW
GetParent
GetNextDlgTabItem
GetListBoxInfo

advapi32

RegDeleteKeyW
LookupAccountNameW
RegQueryMultipleValuesW
RegCloseKey
CryptDeriveKey
CryptDecrypt
RegQueryValueW
LookupPrivilegeValueW
CryptGetKeyParam
CryptGenRandom

comdlg32

ChooseColorA
LoadAlterBitmap
FindTextW

gdi32

GetOutlineTextMetricsA
GdiSetBatchLimit
WidenPath
SetMetaRgn
gdiPlaySpoolStream
GetLogColorSpaceW
AddFontResourceW
EnumEnhMetaFile
GetMiterLimit
DPtoLP
StretchBlt
MoveToEx
MaskBlt
GetRegionData
SetDIBits
Ellipse
CreatePalette
CreateDIBPatternBrush
GetGraphicsMode
CreateBrushIndirect
FixBrushOrgEx
GetDeviceGammaRamp
CreateICW
StrokeAndFillPath

kernel32

TlsGetValue
GetCurrentProcessId
GetStartupInfoA
GetFullPathNameW
LCMapStringA
QueryPerformanceCounter
GetCurrentThread
LCMapStringW
lstrcpyW
GetEnvironmentStrings
lstrlen
RtlUnwind
GetEnvironmentStringsW
VirtualProtect
GetCompressedFileSizeA
VirtualFree
GetTickCount
SetHandleCount
OutputDebugStringW
GetAtomNameW
GetOEMCP
HeapReAlloc
EnumSystemLocalesA
InterlockedExchange
GetProcessAffinityMask
GetModuleHandleA
GetStringTypeW
HeapCreate
InitializeCriticalSection
EnterCriticalSection
PulseEvent
LoadLibraryExW
CreateDirectoryA
GetFileType
FreeEnvironmentStringsW
GetStdHandle
GetSystemTimeAsFileTime
GetProcAddress
WideCharToMultiByte
HeapAlloc
MultiByteToWideChar
HeapDestroy
GetModuleFileNameA
LeaveCriticalSection
OutputDebugStringA
SystemTimeToTzSpecificLocalTime
IsBadReadPtr
HeapFree
TlsFree
IsBadWritePtr
CreateDirectoryW
FindFirstFileExW
UnhandledExceptionFilter
TerminateProcess
WriteConsoleW
GetCurrentProcess
VirtualQuery
TlsAlloc
ConvertDefaultLocale
GetACP
DebugActiveProcess
SetComputerNameA
FreeEnvironmentStringsA
LoadLibraryA
GetCurrentThreadId
WriteFile
ExitProcess
CreateWaitableTimerA
VirtualAlloc
SetLastError
GetCommandLineA
TlsSetValue
GetCPInfo
GetVersion
GetLastError
GetStringTypeA
DeleteCriticalSection
OpenMutexW

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

731523a5295adcf24b34c5fa1d7ec2f0

Headers

File Characteristics

Imports

user32

advapi32

comdlg32

gdi32

kernel32

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 132KB - Virtual size: 132KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 132KB - Virtual size: 132KB

.rsrc
Size: 11KB - Virtual size: 10KB