Static task
static1
Behavioral task
behavioral1
Sample
2d6ac3cee0a7ab66e0ec8f12e992d9b8_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
2d6ac3cee0a7ab66e0ec8f12e992d9b8_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 2d6ac3cee0a7ab66e0ec8f12e992d9b8_JaffaCakes118
Size: 815KB
MD5: 2d6ac3cee0a7ab66e0ec8f12e992d9b8
SHA1: 9fceed03ca524ea87d2fd66ebcd801eaf40e66f4
SHA256: df4a690724c790e2aef3437e5efb7aa25d5a94adb872a53ad21151a4c041eb15
SHA512: 0602bef0ee34d5afce5cab44b2c6ae079f4078a81b7bea37cf68003e1866ddd4c0af7ff3b653cf4f5c29fede257b1ca674accbc40074bf9a6fe537301a0792c4
SSDEEP: 24576:PZ0pBFB6m6kVjhWxLAvgqMKftwh75nCCyo:P6pBf6Hp6sCU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d6ac3cee0a7ab66e0ec8f12e992d9b8_JaffaCakes118
Files
2d6ac3cee0a7ab66e0ec8f12e992d9b8_JaffaCakes118.exe windows:4 windows x86 arch:x86
88c9e4da83a089ccbcb78c886409c592
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
SetDlgItemTextW
InvalidateRect
SetScrollPos
SetWindowLongA
ShowWindow
GetParent
SetRect
RegisterClassW
EnableWindow
CallWindowProcW
ScreenToClient
FindWindowW
SetScrollInfo
GetDlgItem
SetWindowTextA
GetWindowThreadProcessId
RegisterWindowMessageW
UnhookWindowsHookEx
GetSystemMetrics
SendMessageW
IsWindowEnabled
PeekMessageA
GetClientRect
RegisterClassA
CharUpperA
msvcrt
_fileno
??3@YAXPAX@Z
_CxxThrowException
_wcsicmp
_initterm
memset
malloc
_adjust_fdiv
_cexit
wcsncmp
__p__commode
exit
memcpy
_purecall
_wcsnicmp
memmove
kernel32
ExpandEnvironmentStringsW
FlushFileBuffers
LCMapStringA
GetFileSize
GlobalFree
LoadLibraryExA
LoadLibraryW
HeapAlloc
InterlockedIncrement
InterlockedCompareExchange
TlsFree
CreateFileA
GetEnvironmentVariableW
CopyFileA
FreeLibrary
GetTickCount
MoveFileA
SetThreadPriority
GetComputerNameW
lstrlenW
WaitForSingleObject
GetModuleFileNameW
GlobalLock
WriteFile
GetLastError
IsValidCodePage
GetSystemInfo
ExitProcess
QueryPerformanceCounter
SetConsoleCtrlHandler
LeaveCriticalSection
InterlockedDecrement
GetCurrentProcessId
GetThreadLocale
TlsAlloc
VirtualProtect
LocalAlloc
GlobalReAlloc
GetCPInfo
FormatMessageA
GetVersionExA
RtlUnwind
FlushInstructionCache
LoadLibraryA
CreateEventA
WideCharToMultiByte
CloseHandle
FindFirstFileA
DeleteCriticalSection
GetEnvironmentStrings
LoadResource
GetCurrentThreadId
GetCommandLineW
OutputDebugStringW
LockResource
TerminateProcess
LocalReAlloc
GetProcessHeap
MultiByteToWideChar
GetACP
GetStringTypeA
GetModuleHandleA
GetCommandLineA
GetVersion
TlsSetValue
GetProcAddress
GetStartupInfoA
GetOEMCP
SetLastError
GetFileAttributesA
GetVersionExW
OutputDebugStringA
ole32
CoInitialize
CoInitializeEx
ntdll
ZwReplaceKey
Sections
.text Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ