2ce527cc6ee6f83eb2870aacbe6e95c0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ce527cc6ee6f83eb2870aacbe6e95c0_JaffaCakes118
Size

180KB
MD5

2ce527cc6ee6f83eb2870aacbe6e95c0
SHA1

cd5555fd3e33a8927a0f32b94d8c4dba79dc4b86
SHA256

06dfdbab8b8a43c76b73552508ba0d858acba6c35b3f26c9b5528c0c2be4d264
SHA512

c1fa751bb5dd871b7a28e61f0d57e28276cefa82a1e1836f774d4c8552260f6e1135971b0d5be0144dab9b75b44fdf2a23f989db8ef502de1ec40eb6a0e8197d
SSDEEP

3072:Y1ItBJrGDxQvTwkAUbCyJyI3pbvZK7OjVOni04k/sDuSpEiMrm35oqvvzV:Y1gBNGDxQbwkAUbCApjmihkOpEPrm+0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ce527cc6ee6f83eb2870aacbe6e95c0_JaffaCakes118

Files

2ce527cc6ee6f83eb2870aacbe6e95c0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e16edbd3d9b6eed6cdf9486e69b6dfb2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wscript.pdb

Imports

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
lstrlenW
GetCommandLineA
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetLastError
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileW
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileIntW
GetPrivateProfileIntA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetFullPathNameW
GetFullPathNameA
GetLocaleInfoA
lstrlenA
lstrcpyA
HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetStdHandle
GetFileType
InterlockedIncrement
GetCurrentThreadId
GetModuleFileNameW
GetVersionExA
LocalFree
FormatMessageA
LocalAlloc
FormatMessageW
GetProcAddress
LoadLibraryA
SetEvent
CloseHandle
CreateThread
CreateEventA
GetACP
FindClose
FindFirstFileA
GetFileAttributesA
FindFirstFileW
GetFileAttributesW
GetCPInfo
GetUserDefaultLCID
FlushFileBuffers
WriteFile
CreateFileA
GetTempFileNameA
GetTempPathA
GetSystemDirectoryA
FreeLibrary

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_endthread
_beginthread
sprintf
malloc
free
_itow
wcsrchr
_except_handler3

advapi32

RegQueryValueA
RegSetValueExA
IsTextUnicode
DeregisterEventSource
ReportEventW
LookupAccountNameW
GetUserNameW
RegisterEventSourceW
ImpersonateLoggedOnUser
RegOpenKeyExA
RegOpenKeyExW
RegDeleteKeyA
RegQueryValueExW
RegOpenKeyA
RegSetValueA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueExA
RegSetValueExW

user32

PostQuitMessage
DefWindowProcA
SetTimer
SetWindowLongA
KillTimer
EnumThreadWindows
wsprintfW
GetMessageA
DispatchMessageA
GetActiveWindow
MessageBoxW
PostThreadMessageA
LoadStringW
LoadStringA
CharNextA
GetClassInfoA
RegisterClassA
CreateWindowExA
wsprintfA
IsWindowVisible
GetParent
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
SendMessageA
PostMessageA
GetWindowLongA

oleaut32

SysAllocString
LoadRegTypeLi
SysAllocStringByteLen
SetErrorInfo
CreateErrorInfo
VariantClear
VariantCopy
SafeArrayGetLBound
SafeArrayCopy
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
VariantChangeType
LoadTypeLi
VariantInit
UnRegisterTypeLi
LoadTypeLibEx
SysStringLen
SysAllocStringLen
SysFreeString

ole32

CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
CoGetMalloc
CreateBindCtx
CreateFileMoniker
CoInitializeSecurity
CoRegisterMessageFilter
CLSIDFromString
CLSIDFromProgID
MkParseDisplayName
CoGetClassObject

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e16edbd3d9b6eed6cdf9486e69b6dfb2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

advapi32

user32

oleaut32

ole32

version

imm32

Sections

.text Size: 64KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 480B

.rsrc Size: 108KB - Virtual size: 108KB

.text
Size: 64KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 480B

.rsrc
Size: 108KB - Virtual size: 108KB