Static task: static1

Behavioral task: behavioral1
Sample: 2e0b5e753c6896d6de67429840e8cd89_JaffaCakes118.exe
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: 2e0b5e753c6896d6de67429840e8cd89_JaffaCakes118.exe
Resource: win10v2004-20241007-en

General
Target: 2e0b5e753c6896d6de67429840e8cd89_JaffaCakes118
Size: 2.9MB
MD5: 2e0b5e753c6896d6de67429840e8cd89
SHA1: 45618b264b21a12ec53d95e800993fd343d17a82
SHA256: b52f2465b3b4b3eea02141a451dbfacf67458c5f0c6c58345476e22f230189d4
SHA512: c63381811ee909198afd26be0771c6d5e7d24da673a7faaf79595ff44bc8d0bf2eaaf960d740524a4773fe5efb399ef191fc8c9afa8bb5fc79f5d867630ce6b5
SSDEEP: 24576:dOn1cDFc+L9q00rCBebzCLfYn55b4bsp3JMEcLNy:xeWkxzCra55bbpZMf

Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e0b5e753c6896d6de67429840e8cd89_JaffaCakes118
Files
2e0b5e753c6896d6de67429840e8cd89_JaffaCakes118.exe windows:5 windows x86 arch:x86
cf5ba521342858fe0a9c91bf8b500e5b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
GetFocus
ShowOwnedPopups
GetClassInfoExW
PostThreadMessageW
SetCursor
DrawIconEx
DestroyCursor
LoadCursorW
InvertRect
ExitWindowsEx
MessageBeep
GetPropW
InvalidateRect
ReleaseDC
GetDC
DestroyMenu
SetTimer
kernel32
LCMapStringA
InterlockedIncrement
GetProcAddress
GlobalFree
VirtualAlloc
HeapFree
ExitProcess
GetCurrentThreadId
LCMapStringW
GetFileSize
SetFilePointer
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetSystemDirectoryW
GetVersionExW
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetLastError
GetStartupInfoW
InterlockedDecrement
LoadLibraryA
HeapReAlloc
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetVersion
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
InitializeCriticalSection
crypt32
CryptProtectData
CertNameToStrW
CertFindExtension
CertVerifyTimeValidity
CryptHashCertificate
CertGetPublicKeyLength
CertGetEnhancedKeyUsage
CertFreeCTLContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CryptFindOIDInfo
CryptDecodeObject
CryptEncodeObject
CertFreeCertificateChain
psapi
GetDeviceDriverBaseNameW
GetModuleBaseNameW
userenv
ExpandEnvironmentStringsForUserW
EnterCriticalPolicySection
RegisterGPNotification
GetUserProfileDirectoryW
Sections
.text Size: 801KB - Virtual size: 801KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 64.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.3t7a2 Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ