Static task: static1
Behavioral task: behavioral1
  Sample: 2b6ddee2a4f1ea42a1cc7fce5e09c069_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2b6ddee2a4f1ea42a1cc7fce5e09c069_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
- Target: 2b6ddee2a4f1ea42a1cc7fce5e09c069_JaffaCakes118
- Size: 293KB
- MD5: 2b6ddee2a4f1ea42a1cc7fce5e09c069
- SHA1: 9fad060b6aaf4f7184b13b4ecb2b8b75c41b1ee5
- SHA256: d0ae17f505b3f52d9530e27e01c7becb0fc6c4accc63db27fb645a515437c1ef
- SHA512: e937ed03680687fffb14f9971d6b32e0290158d9752c2379c2501c4a67587f32639efe4be6adc127655300d8323356960073d6112582c92371e7b23c36d287c8
- SSDEEP: 6144:qNwYOYeJpZ15X/wVaTM86j0XaFGLcNYvE26SMM6glM9cOeWbOmEx:GOYeJ/cETYj0XasINjhKMnJ
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 2b6ddee2a4f1ea42a1cc7fce5e09c069_JaffaCakes118
Files
- 2b6ddee2a4f1ea42a1cc7fce5e09c069_JaffaCakes118.exe  windows:4  windows x86  arch:x86
  Imphash: 8841a306ef53b5d87d6da058a9cab09c
Headers
- File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
- kernel32
  UnhandledExceptionFilter
  HeapFree
  SetThreadLocale
  GetSystemTimeAsFileTime
  LockResource
  GetACP
  GetThreadLocale
  FormatMessageW
  HeapDestroy
  lstrlenW
  FindResourceExW
  RaiseException
  GetProcessHeap
  SetUnhandledExceptionFilter
  HeapSize
  IsDebuggerPresent
  HeapReAlloc
  DeleteCriticalSection
  FindResourceW
  EnterCriticalSection
  CloseHandle
  LoadResource
  SizeofResource
  GetCurrentThreadId
  LeaveCriticalSection
  HeapAlloc
  HeapCreate
  VirtualAllocEx
- ole32
  CoImpersonateClient
  CoCreateInstance
  CoRevertToSelf
- oleaut32
  SafeArrayGetVartype
  SafeArrayRedim
  VarBstrCat
  VariantCopy
  SafeArrayCreate
  SysAllocStringLen
  SafeArrayUnlock
  SafeArrayDestroy
  SysFreeString
  SysStringByteLen
  SysAllocStringByteLen
  SafeArrayGetLBound
  VariantInit
  VariantCopyInd
  SysStringLen
  LoadRegTypeLi
  SafeArrayLock
  SafeArrayGetUBound
  LoadTypeLi
  SafeArrayCopy
  VariantClear
  SysAllocString
  VarBstrCmp
- advapi32
  LookupAccountSidW
  CopySid
  GetLengthSid
  GetTokenInformation
  EqualSid
  ConvertStringSidToSidW
  OpenProcessToken
  IsValidSid
  OpenThreadToken
- user32
  UnregisterClassA
  wsprintfW
- userenv
  UnloadUserProfile
- rtm
  RtmCloseEnumerationHandle
  RtmEnumerateGetNextRoute
  CheckTable
  MgmDeInitialize
  RtmInsertInRouteList
  RtmReleaseEntities
  MgmDeRegisterMProtocol
  RtmAddRouteToDest
  RtmRegisterClient
  RtmLockRoute
  RtmDeleteRouteToDest
  RtmDeleteNextHop
- fontext
  DllCanUnloadNow
Sections
- .text   Raw size: 24KB   Virtual size: 24KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
- .rdata  Raw size: 2KB    Virtual size: 1KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
- .data   Raw size: 261KB  Virtual size: 650KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
- .rsrc   Raw size: 4KB    Virtual size: 10KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
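Everything in the static part of this report (the hashes under General, the File Characteristics, the section table and the "Unsigned PE" signature) is derived from the PE header, and a practitioner will usually want to reproduce those fields locally before trusting a sandbox verdict. The following stdlib-only Python is an added example, not the sandbox's or the sample's own code. The bytes it builds in build_sample_pe are a constructed PE32 header that mirrors this report's characteristics and section sizes (not the real file); pass a path on the command line to run the same parser and hash computation over a real binary. The reviewer heuristics in static_observations, including the 2x virtual-to-raw-size threshold, are assumptions of this example and are flags for a human, not verdicts. Note the caveat on the signature check: an empty security directory only proves the absence of an embedded Authenticode signature; catalog-signed binaries also show an empty directory.

```python
"""Stdlib-only PE32/PE32+ static triage: file hashes, COFF characteristics,
section table and the Authenticode (security directory) check.
Added example, not the sandbox's code; the sample bytes below are constructed."""
import hashlib
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED", 0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED", 0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED", 0x2000: "IMAGE_FILE_DLL",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the WIN_CERTIFICATE data directory

def flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]

def hashes(data):
    # Same digests the report lists under General; run on the real file to compare.
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256", "sha512")}

def parse_pe(data):
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_base = {0x10B: 96, 0x20B: 112}[magic]  # data directories start here (PE32 / PE32+)
    ndirs = struct.unpack_from("<I", data, opt + dir_base - 4)[0]  # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, opt + dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, _, rawsize, rawptr, _, _, _, _, schar = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "raw_offset": rawptr,
                         "flags": flags(schar, SECTION_CHARACTERISTICS)})
    return {
        "machine": {0x14C: "x86", 0x8664: "x64"}.get(machine, hex(machine)),
        "characteristics": flags(chars, FILE_CHARACTERISTICS),
        # An empty security directory means no embedded Authenticode signature, which is
        # what an "Unsigned PE" check keys on. Catalog-signed files also show zero here.
        "has_embedded_signature": sec_off != 0 and sec_size != 0,
        "sections": sections,
    }

def static_observations(info):
    """Reviewer heuristics over the parsed header (assumptions of this example)."""
    notes = []
    if not info["has_embedded_signature"]:
        notes.append("unsigned PE: security directory is empty")
    if "IMAGE_FILE_RELOCS_STRIPPED" in info["characteristics"]:
        notes.append("relocations stripped: image cannot be rebased, so ASLR cannot apply")
    for s in info["sections"]:
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= set(s["flags"]):
            notes.append(f"{s['name']}: writable and executable")
        if s["raw_size"] and s["virtual_size"] > 2 * s["raw_size"]:
            notes.append(f"{s['name']}: virtual size far exceeds raw size (filled at run time)")
    return notes

def build_sample_pe():
    """Constructed PE32 header mirroring the report's characteristics and sections; no code."""
    def section(name, vsize, vaddr, rawsize, rawptr, schar):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, schar)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0, 0, 0, 224, 0x0107)  # i386, 4 sections, PE32
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # 16 directories, all zero
    secs = (section(b".text", 24 * 1024, 0x1000, 24 * 1024, 0x400, 0x60000020)
            + section(b".rdata", 1024, 0x7000, 2048, 0x6400, 0x40000040)
            + section(b".data", 650 * 1024, 0x8000, 261 * 1024, 0x6C00, 0xC0000040)
            + section(b".rsrc", 10 * 1024, 0xAB000, 4096, 0x48000, 0x40000040))
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print(hashes(blob)["sha256"], info["machine"], info["characteristics"])
    for s in info["sections"]:
        print(f"{s['name']:8} raw={s['raw_size']:7} virt={s['virtual_size']:7} {' '.join(s['flags'])}")
    print("\n".join(static_observations(info)))
```

On the constructed header the observations are the same ones a reviewer would pull from this report: no embedded signature, relocations stripped (the image loads at its preferred base regardless of ASLR policy), and a .data section whose 650KB virtual size is far larger than its 261KB on disk, which only says that a large region is populated at run time and needs the behavioral tasks to explain.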