2c978d5f4c3855ce12b5608b4324ac61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c978d5f4c3855ce12b5608b4324ac61_JaffaCakes118
Size

443KB
MD5

2c978d5f4c3855ce12b5608b4324ac61
SHA1

4af9b83c056f78bcf82b75aadf1fc4ae187f8885
SHA256

e3b5f2a2fdd6c1c781e820111587cb1300ffbad0a098057d978f7a5e8f63b19b
SHA512

fafcf924d6d2ad66562344f75bc8244989f894975ca92ae668c44e4cd19eb58b780b0fbf8ca52464616bc4f8a9acecc7daf649df3ce63bc3ad5c6faf5101cda2
SSDEEP

12288:3YyzXUPp/VuQOv6Lk2+NcnDJ01jSs6TXD:3JXUNAnL2Nndy6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c978d5f4c3855ce12b5608b4324ac61_JaffaCakes118

Files

2c978d5f4c3855ce12b5608b4324ac61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

50ccf58e974d26c3a7ef127dd1214759

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHChangeNotify
ExtractAssociatedIconExA
ShellExecuteEx
SHGetSettings
DoEnvironmentSubstA
ShellHookProc
SHGetFileInfoA
SHQueryRecycleBinW
SHFreeNameMappings
SHAppBarMessage
DragQueryPoint
DragQueryFileA
ExtractAssociatedIconA
ExtractIconExW
SHGetDesktopFolder
SHFileOperationA
DragQueryFileW
SHLoadInProc
ShellExecuteW
SHInvokePrinterCommandW
SHFileOperation
ShellExecuteA

advapi32

LogonUserA
RegQueryValueExW
CryptSetProviderW
RegSetValueA
LookupPrivilegeNameA
RegFlushKey
RegQueryMultipleValuesW
AbortSystemShutdownA
CryptEnumProviderTypesW
InitiateSystemShutdownA
RegLoadKeyA
RegSaveKeyW
ReportEventW
CryptDestroyKey
CryptImportKey

comdlg32

GetOpenFileNameW
GetSaveFileNameA
PageSetupDlgW
GetFileTitleA
ReplaceTextA
ChooseColorW
ChooseFontA
GetOpenFileNameA

gdi32

SetRectRgn
CreateHalftonePalette
ScaleViewportExtEx
GetMetaFileW
EnumFontFamiliesW
SetPixelFormat
UpdateColors
CreateICW
GetTextExtentPointA
SetTextColor
CreateScalableFontResourceW
Escape
PlayMetaFileRecord
GetNearestPaletteIndex
PlayEnhMetaFileRecord
CreatePalette
GetPath
CreateDIBPatternBrushPt
GetViewportOrgEx
GetPixel
CreateDIBSection
DeviceCapabilitiesExA
SetViewportOrgEx
SetMagicColors
GetGraphicsMode

kernel32

GetCPInfo
SetEvent
VirtualFree
GetStdHandle
GetTickCount
GetModuleHandleA
TlsFree
GetCurrentThread
GetStringTypeA
LeaveCriticalSection
RtlUnwind
GetModuleFileNameA
TlsAlloc
HeapDestroy
GetWindowsDirectoryW
HeapFree
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetACP
FreeEnvironmentStringsW
IsBadWritePtr
InitializeCriticalSection
LCMapStringW
ExitProcess
GetCommandLineA
GetEnvironmentStringsW
VirtualAlloc
TlsGetValue
GetLastError
MoveFileExW
FreeEnvironmentStringsA
EnterCriticalSection
LoadLibraryA
GetCurrentProcessId
WriteFile
GetOEMCP
LCMapStringA
GetStringTypeW
VirtualQuery
TerminateProcess
HeapAlloc
GetFileType
QueryPerformanceCounter
GetVersion
SetHandleCount
GetLocaleInfoW
GetCurrentThreadId
WideCharToMultiByte
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
HeapReAlloc
MultiByteToWideChar
GetEnvironmentStrings
GetCurrentProcess
InterlockedExchange
SetLastError
TlsSetValue
HeapCreate

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50ccf58e974d26c3a7ef127dd1214759

Headers

File Characteristics

Imports

shell32

advapi32

comdlg32

gdi32

kernel32

Sections

.text Size: 123KB - Virtual size: 123KB

.data Size: 304KB - Virtual size: 303KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 123KB - Virtual size: 123KB

.data
Size: 304KB - Virtual size: 303KB

.rsrc
Size: 14KB - Virtual size: 14KB