Static task: static1

Behavioral task: behavioral1
Sample: 2e1d00d877a2c91484263842565f265b_JaffaCakes118.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2e1d00d877a2c91484263842565f265b_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 2e1d00d877a2c91484263842565f265b_JaffaCakes118
Size: 420KB
MD5: 2e1d00d877a2c91484263842565f265b
SHA1: d18b8cb69de7fc7ada5390ff9cb2a2372291b538
SHA256: c029016e810c4608b438484e3f4a073a0c49ca7dfa06dc046ff11c043f6ee744
SHA512: fc5f2ec8d72ba6f7932a6012db0f536d192a020823ed2b0a65a5f5f5dc0ddf08d9aaa17e9a8764910fe5509c9e370ffe5d596d9840a5a97f7fa47c387524cdd0
SSDEEP: 6144:V+o3fohkUeiesUCM/0xPhrEb1oQ25sgKVYOdUBfzg9Es0uLJz3dZfANLR1absTE1:V+ofKkXCM8lE5oQ2ulABr7s0u/Vug1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2e1d00d877a2c91484263842565f265b_JaffaCakes118
Files
2e1d00d877a2c91484263842565f265b_JaffaCakes118.exe windows:4 windows x86 arch:x86
770fa489a7404960a8061570fd63f2f6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
comdlg32
GetFileTitleA
ChooseColorW
GetSaveFileNameA
PageSetupDlgW
ChooseFontW
GetOpenFileNameW
GetOpenFileNameA
ChooseColorA
GetSaveFileNameW
ReplaceTextW
ReplaceTextA
gdi32
GetViewportExtEx
CreateDCW
advapi32
CryptDestroyKey
CryptSetHashParam
RegQueryValueW
InitiateSystemShutdownW
RegOpenKeyExW
DuplicateToken
RegLoadKeyA
RegEnumValueA
LookupAccountSidA
LookupSecurityDescriptorPartsW
GetUserNameA
RegCreateKeyExA
RegDeleteKeyW
RegSaveKeyW
RegCreateKeyExW
CryptEncrypt
AbortSystemShutdownA
user32
GetSubMenu
DlgDirSelectComboBoxExA
PaintDesktop
CopyAcceleratorTableA
DefFrameProcA
DrawStateA
CreateCaret
MenuItemFromPoint
IsDialogMessageA
GetWindowRgn
CallWindowProcA
SetUserObjectSecurity
FreeDDElParam
SetUserObjectInformationW
GetThreadDesktop
InvalidateRgn
GetScrollBarInfo
DefDlgProcW
UnionRect
LoadImageW
CharNextExA
kernel32
GetCommandLineA
QueryPerformanceCounter
VirtualFree
GetVolumeInformationA
GetACP
HeapAlloc
WriteFile
lstrcmpiW
LoadLibraryA
GetTickCount
InterlockedExchange
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
GlobalHandle
TlsAlloc
IsBadWritePtr
LeaveCriticalSection
FreeEnvironmentStringsW
GetCurrentProcess
TlsFree
GetCurrentProcessId
SetConsoleScreenBufferSize
GetStringTypeW
GetStringTypeA
GetProcAddress
GetLastError
UnhandledExceptionFilter
HeapDestroy
GetModuleFileNameA
HeapCreate
GetStartupInfoA
SetLastError
VirtualAlloc
GetFileType
GetVersion
GetCurrentThreadId
GetStdHandle
HeapFree
GetCurrentThread
GetVolumeInformationW
HeapReAlloc
LCMapStringA
TerminateProcess
VirtualUnlock
InitializeCriticalSection
GetCurrencyFormatW
GetOEMCP
EnterCriticalSection
SetHandleCount
TlsSetValue
MultiByteToWideChar
TlsGetValue
DosDateTimeToFileTime
DeleteCriticalSection
GetModuleHandleA
OpenWaitableTimerW
LCMapStringW
FreeEnvironmentStringsA
GetCPInfo
VirtualQuery
GetSystemInfo
WideCharToMultiByte
GetSystemTimeAsFileTime
ExitProcess
shell32
FindExecutableW
SHInvokePrinterCommandW
SHBrowseForFolderW
SHGetDataFromIDListA
SHGetFileInfoW
DragAcceptFiles
SheChangeDirA
SHInvokePrinterCommandA
InternalExtractIconListW
SHGetDataFromIDListW
SHGetDiskFreeSpaceA
DragQueryFileAorW
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 304KB - Virtual size: 325KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 860B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ