2c037363d7c3ea6e5deed8d7cd9b133d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c037363d7c3ea6e5deed8d7cd9b133d_JaffaCakes118
Size

265KB
MD5

2c037363d7c3ea6e5deed8d7cd9b133d
SHA1

8a19f297496a501411acb853fa22eb0529e071b9
SHA256

eed3ad9c32c233c6b0ebaf8bc44d92e897dc5b702912e898d8d7af6a634fcbf5
SHA512

bd637866eee54b87b105ed176043279bc89d1ebac753e62f977669041ba323acbd4d9e32510f6fe2186d157020d7f177a52a0ab54c2971c5710d94a83470df84
SSDEEP

3072:EJoelpq/4sGK5dD+77sEmUNawSRKJkDcniMPeSRThHO6V6IVEXHErtDgZ:EJoelpq/4sr6HsEbdpdiMLddXE3Eru

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c037363d7c3ea6e5deed8d7cd9b133d_JaffaCakes118

Files

2c037363d7c3ea6e5deed8d7cd9b133d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42bdb848d73deea261e92ed0f85b91cb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ExtractAssociatedIconExA
SHBrowseForFolderW
ExtractAssociatedIconW

advapi32

RegCloseKey
LogonUserW
RegOpenKeyExW
LookupSecurityDescriptorPartsA
RegCreateKeyExW
CryptSetHashParam
AbortSystemShutdownA
RegSetValueExA
RegQueryValueW
RegSaveKeyA
RegQueryMultipleValuesA
RegEnumKeyExA
LookupSecurityDescriptorPartsW
RegQueryValueExW
LookupPrivilegeDisplayNameW
StartServiceA
DuplicateToken
RegEnumValueA
RegCreateKeyW
CryptGetProvParam
RegDeleteValueW
LookupPrivilegeNameW
RegSaveKeyW
CryptSetProviderExA
AbortSystemShutdownW

user32

ClientToScreen
GetWindowPlacement
IsCharAlphaA
GetInputState
RealGetWindowClass
PackDDElParam
ReleaseDC
ReuseDDElParam
InsertMenuItemW
GetClassNameW
TabbedTextOutW
GetMenuStringA

comdlg32

FindTextA
GetFileTitleW
PageSetupDlgW
PrintDlgA
PrintDlgW
GetOpenFileNameA

kernel32

IsValidCodePage
GetLocalTime
WideCharToMultiByte
VirtualAlloc
GetOEMCP
GetTimeZoneInformation
UnhandledExceptionFilter
EnumTimeFormatsW
InterlockedExchange
GetLocaleInfoA
HeapCreate
SetEnvironmentVariableA
VirtualProtect
GetModuleHandleA
FreeEnvironmentStringsW
TlsSetValue
GetVersionExA
SetConsoleCtrlHandler
GetProcAddress
FreeLibrary
GetTimeFormatA
EnumSystemLocalesA
EnterCriticalSection
HeapReAlloc
LCMapStringW
HeapDestroy
GetUserDefaultLangID
GetCPInfo
DeleteCriticalSection
HeapFree
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
RemoveDirectoryW
TlsGetValue
GetEnvironmentStrings
HeapSize
IsDebuggerPresent
OpenMutexW
OpenMutexA
InterlockedDecrement
SetLastError
ConnectNamedPipe
GetEnvironmentStringsW
GetTempPathA
IsValidLocale
LeaveCriticalSection
GetFileType
GetStdHandle
LCMapStringA
WriteConsoleInputA
GetCurrentProcessId
MultiByteToWideChar
LoadLibraryA
SetFileTime
ReleaseMutex
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
LoadResource
TerminateProcess
GetFullPathNameA
SetHandleCount
GetACP
FlushFileBuffers
GetCurrentThreadId
GetStringTypeA
CompareStringA
GetCurrentProcess
GetStringTypeW
RtlUnwind
TlsFree
HeapAlloc
GetCalendarInfoA
lstrlen
GetCommandLineA
GetLastError
GetProcessHeap
VirtualFree
GetStartupInfoA
ExitProcess
GetLocaleInfoW
TlsAlloc
VirtualProtectEx
WriteFile
CompareStringW
GetCurrentThread
GetDateFormatA
InterlockedIncrement
VirtualQuery
InitializeCriticalSection
GetModuleFileNameA
Sleep
GetUserDefaultLCID

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42bdb848d73deea261e92ed0f85b91cb

Headers

File Characteristics

Imports

shell32

advapi32

user32

comdlg32

kernel32

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 113KB - Virtual size: 112KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 113KB - Virtual size: 112KB

.rsrc
Size: 2KB - Virtual size: 1KB