2d29f7236977242f9b74cccb870c175f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2d29f7236977242f9b74cccb870c175f_JaffaCakes118
Size

331KB
MD5

2d29f7236977242f9b74cccb870c175f
SHA1

1f1e9194251eedf6f7acd4543b9dbbdbd9aa23e0
SHA256

509224f76c6a97ab6dd5b33002699143452d6e038bb71bfa825bb5f9871486b6
SHA512

9df05daf4f6592951c51faa5cb122e8ee1e6bca2717d33a005ef4e8a12449428bfdb6368e8fe6ab0b9aacf5faaf320b4cfd6243b7f727258096db841132f59e0
SSDEEP

6144:f08EgrfRwZITCrj52JqEO+LPTEWKvkqBzS+YBSTk3f:f23P5ObLYW1q12M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d29f7236977242f9b74cccb870c175f_JaffaCakes118

Files

2d29f7236977242f9b74cccb870c175f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33b816dab6ab47d2360125cffbb4cc5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventA
GetFileType
PulseEvent
SetEndOfFile
IsDBCSLeadByte
GetCommandLineA
LoadLibraryExA
WaitForSingleObject
lstrlenA
GetCurrentThreadId
LCMapStringA
GetCurrentDirectoryA
MoveFileA
GetOEMCP
SetHandleCount
SetFilePointer
GetStdHandle
ReadFile
CreateThread
SetStdHandle
lstrcpyA
HeapAlloc
EnterCriticalSection
FindResourceA
TlsGetValue
FlushFileBuffers
HeapFree
DeleteCriticalSection
FileTimeToSystemTime
WriteFile
TlsFree
FindFirstFileA
LCMapStringW
GetModuleHandleA
GetDriveTypeA
GetProcessHeap
GetACP
FreeLibrary
CloseHandle
GetFullPathNameA
LockResource
GetSystemTimeAsFileTime
GetThreadLocale
SetEnvironmentVariableA
RaiseException
lstrlenW
RtlUnwind
CompareStringW
EnumSystemLocalesA
SetUnhandledExceptionFilter
LoadResource
VirtualProtect
FindClose
UnhandledExceptionFilter
TlsAlloc
SetLastError
SizeofResource
lstrcmpiA
FreeEnvironmentStringsA
IsValidLocale
CreateFileA
GetTimeZoneInformation
CompareStringA
GetUserDefaultLCID
IsValidCodePage
HeapReAlloc
LocalFree
VirtualQuery
HeapSize
IsBadCodePtr
HeapDestroy
TlsSetValue
LeaveCriticalSection
GetSystemInfo
lstrcatA
VirtualFree
WideCharToMultiByte
VirtualAlloc
FormatMessageA
FreeEnvironmentStringsW
lstrcpynA
DeleteFileA
HeapCreate

ole32

CoTaskMemFree
StringFromGUID2
ProgIDFromCLSID
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

advapi32

RegDeleteKeyA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegEnumKeyExA

user32

CharNextA
wsprintfA
LoadStringA
CharUpperBuffA

shlwapi

PathFindExtensionA

oleaut32

SafeArrayDestroy
SetErrorInfo
SysFreeString
SysAllocString
CreateErrorInfo
SafeArrayGetUBound
RegisterTypeLi
LoadTypeLi
VariantInit
SafeArrayUnlock
UnRegisterTypeLi
GetErrorInfo
SysAllocStringLen
SafeArrayCreate
VarUI4FromStr
SysStringByteLen
SafeArrayCopy
SafeArrayGetVartype
VariantCopy
DispCallFunc
VariantCopyInd
SysAllocStringByteLen
SafeArrayGetLBound
LoadRegTypeLi
VariantChangeType
VarBstrCmp
VariantClear
SafeArrayLock
SysStringLen
SafeArrayRedim

cmutil

CmAtolW
CmLoadImageW
CmFmtMsgW
CmStripPathAndExtW
CmStrStrA
CmStrCpyAllocA
CmStripFileNameW

mycomput

DllRegisterServer
DllCanUnloadNow

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 308KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33b816dab6ab47d2360125cffbb4cc5a

Headers

File Characteristics

Imports

kernel32

ole32

advapi32

user32

shlwapi

oleaut32

cmutil

mycomput

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 308KB - Virtual size: 683KB

.rsrc Size: 512B - Virtual size: 4KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 308KB - Virtual size: 683KB

.rsrc
Size: 512B - Virtual size: 4KB