EditBaseRetrievalProfile
Static task: static1
Behavioral task: behavioral1
  Sample: 2eab1c3bdf96d315dc97c39a2bc53a0d_JaffaCakes118.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2eab1c3bdf96d315dc97c39a2bc53a0d_JaffaCakes118.dll
  Resource: win10v2004-20241007-en
General
Target: 2eab1c3bdf96d315dc97c39a2bc53a0d_JaffaCakes118
Size: 159KB
MD5: 2eab1c3bdf96d315dc97c39a2bc53a0d
SHA1: 60ecd3aa9288cc7b740bd452c537ecf9c225af6b
SHA256: 682cf9796993205a6a984fce0a00ca801978ae10301e1087c22c8d5d0056dd0e
SHA512: d0dc11285904017f27819f5f7410c4b706aa7cd3d7d4e2d420cf8e9199ecdf44ca87c400c9829eaf657faf8dd64ad02a58f17d0eec134b993764c2ebd516a079
SSDEEP: 3072:S1MZ4kMf/NfQ9wZmoHKQwxrxKLJR+lP4k9XlX3NfixQ9zJCZ:ShTfVfQ9wsOKQwi+lPj953Rik
Malware Config: none extracted for this sample in the report
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature. The hit means the file carries no embedded Authenticode signature (its security data directory is empty). Plenty of legitimate software is also unsigned, so on its own this is context for triage, not evidence of malicious intent.
resource: 2eab1c3bdf96d315dc97c39a2bc53a0d_JaffaCakes118
Files
2eab1c3bdf96d315dc97c39a2bc53a0d_JaffaCakes118.dll  windows:1 windows x86 arch:x86
bf71909ec4e12087fbea72380edea08b (the per-file digest this report format shows beside the filename; in this layout that field is the import hash, not the MD5 listed under General)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
advapi32
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ecgwm35i
_fprintfieee
_getcwd
_spawnl_ansi
fclose
fgets
fopen
localtime
remove
strcmpi
time
tmpnam
ecgwob3i
ord2144
ord652
ord691
ord690
ord685
ord649
ord2146
ord2142
ord2157
ord2131
ord640
ord2140
ord2153
ord2150
ord656
ord2160
ord2152
ord2143
ord2134
ord2141
ord638
ord2136
ord2162
ord672
ord2123
ord2133
ord2126
ord635
ord2124
ord671
ord2145
ord688
ord2135
ord944
ord678
ord2127
ord683
ord648
ord664
ord674
ord665
ord940
ord945
ord2132
ord682
ord675
ord941
ord636
ord2138
ord2163
ord686
ord2129
ord2154
ord637
ord673
ord669
ord677
ord2151
ord2128
ord661
ord627
ord2130
ord631
ord942
ord2161
ord639
ord681
ord660
ord655
ord654
ord2159
ord335
ord342
ord2149
ord286
ord764
ord2148
ord2158
ord2203
ord2199
ord782
ord752
ord757
ord170
ord296
ord317
ord290
ord332
ord628
ord777
ord2137
ord2210
ord746
ord775
ord754
ord323
ord352
ord340
ord459
ord116
ord173
ord405
ord119
ord376
ord455
ord448
ord572
ord371
ord447
ord156
ord150
ord458
ord462
ord461
ord446
ord450
ord314
ord303
ord374
ord381
ord357
ord43
ord375
ord625
ecgwou3i
ord2460
ord1497
ord1781
ord1268
ord1960
ord1944
ord2278
ord2258
ord738
ord646
ord727
ord270
ord1976
ord297
ord134
ord1050
ord2681
ord1527
ord1415
ord1156
ord2370
ord1894
ord2807
ord1468
ord2573
ord1923
ord1934
ord1250
ord671
ord272
ord299
ord138
ord1055
ord1524
ord1403
ord1133
ord913
ord1463
ord2540
ord1936
ord1917
ord1684
ord643
ord639
ord708
ord648
ord339
ord696
ord1815
ord328
ord22
ord2590
ord329
ord26
ord1140
ord684
ord743
ord1677
ord1553
ord1619
ord1051
ord718
ord745
ord644
ord677
ord5563
ord673
ord659
ord388
ord2673
ord24
ord729
ord1783
ord1970
ord2267
ord2683
ord2912
ord1625
ord336
ord1556
ord1586
ord28
ord721
ord1715
ord689
ord276
ord298
ord137
ord1052
ord1525
ord273
ord1743
ord1615
ord1591
ord21
ord636
ord296
ord1624
ord1473
ord1523
ord1518
ord1612
ord1690
ord726
ord1517
ord1532
ord23
ord1569
ord649
ord1558
ord1642
ord1602
ord275
ord1544
ord1560
ord1669
ord1666
ord695
ord1618
ord1707
ord730
ord1687
ord344
ord1655
ord1657
ord1579
ord1845
ord1601
ord537
ord1647
ord2549
ord1921
ord1053
ord1571
ord513
ord732
ord1085
ord693
ord692
ord679
ord631
ord1516
ord1530
ord653
ord704
ord1695
ord1665
ord1699
ord337
ord359
ord666
ord347
ord1594
ord2803
ord1698
ord1710
ord1688
ord1697
ord1668
ord1653
ord1568
ord1566
ord1633
ord1496
ord246
ord1693
ord1637
ord1652
ord1656
ord1622
ord338
ord687
ord670
ord330
ord271
ord1705
ord700
ord1696
ord663
ord1711
ord1650
ord1676
ord1718
ord1683
ord1663
ord1714
ord277
ord674
ord678
ord633
ord1049
ord269
ord1607
ord1576
ord1551
ord1681
ord38
ord1584
ord1667
ord1691
ord651
ord1782
ord2817
ord638
ord1483
ord1713
ord1703
ord1632
ord660
ord668
ord672
ord1465
ord1638
ord5527
ord1712
ord1686
ord1673
ord697
ord669
ord748
ord1631
ord1692
ord681
ord632
ord1679
ord1640
ord720
ord714
ord1678
ord1658
ord1913
ord1276
ord1254
ord1491
ord2539
ord1933
ord2557
ord1908
ord1689
ord640
ord1574
ord1262
ord1259
ord715
ord1706
ord1704
ord1528
ord1534
ord27
ord1629
ord136
ord1155
ord662
ord750
ord1522
ord1533
ord1067
ord1555
ord1606
ord2924
ord2793
ord2450
ord1251
ord1499
ord962
ord1779
ord2907
ord2922
ord1272
ord1275
ord2828
ord751
ord2930
ord2822
ord2906
ord685
ord2923
ord722
ord1643
ord1253
kernel32
CloseHandle
CreateEventA
CreateFileMappingA
CreateMutexA
CreateThread
ExitProcess
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeEnvironmentStringsA
FreeLibrary
GetCPInfo
GetCommandLineA
GetConsoleCP
GetCurrentDirectoryA
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileType
GetFullPathNameA
GetLastError
GetLogicalDrives
GetModuleHandleA
GetOEMCP
GetShortPathNameA
GetStdHandle
GetTickCount
GetVersion
LoadLibraryExA
LocalFree
LocalHandle
MapViewOfFile
OpenEventA
RaiseException
ReleaseMutex
ResetEvent
ResumeThread
SearchPathA
SetEvent
SetFilePointer
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile
user32
BringWindowToTop
SendDlgItemMessageA
UnregisterClassA
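The import table above is the input from which an import hash (imphash) is derived, and the registry-modification APIs in the advapi32 block (RegCreateKeyExA, RegSetValueExA, RegDeleteKeyA, RegDeleteValueA) plus the kernel32 mutex, file-mapping and thread APIs are what an analyst would look at first when deciding where to put breakpoints in the behavioral run. The block below is an added example, not the sandbox's code, that applies the imphash normalisation rules (as implemented by pefile) to a table in the report's own shape: DLL name lower-cased with a trailing .dll/.ocx/.sys removed, symbol lower-cased, ordinal-only imports written as ordN, all joined with commas in import-table order and MD5-hashed. REPORT_IMPORTS copies names from this page but deliberately truncates the long ecgwob3i/ecgwou3i ordinal lists and the kernel32 block, so the digest it yields is illustrative and will not equal the digest on the file row; to reproduce that value, feed the complete table in the order the PE stores it. normalize_import_strings and imphash are this example's own names.

```python
import hashlib

# Import table in the shape of the report above: (DLL name, [symbols]) in import-table
# order. Names are copied from the page; ordinal-only imports appear as "ordNNN" just as
# the report prints them. CONSTRUCTED/TRUNCATED: the ecgwob3i and ecgwou3i ordinal lists
# and the kernel32 block are cut short, so the digest below is illustrative only and will
# not equal the digest shown on the report's file row.
REPORT_IMPORTS = [
    ("advapi32", ["RegCloseKey", "RegCreateKeyExA", "RegDeleteKeyA", "RegDeleteValueA",
                  "RegEnumKeyExA", "RegEnumValueA", "RegOpenKeyExA", "RegQueryValueExA",
                  "RegSetValueExA"]),
    ("ecgwm35i", ["_fprintfieee", "_getcwd", "_spawnl_ansi", "fclose", "fgets", "fopen",
                  "localtime", "remove", "strcmpi", "time", "tmpnam"]),
    ("ecgwob3i", ["ord2144", "ord652", "ord691", "ord690", "ord685"]),        # truncated
    ("ecgwou3i", ["ord2460", "ord1497", "ord1781", "ord1268", "ord1960"]),     # truncated
    ("kernel32", ["CloseHandle", "CreateEventA", "CreateFileMappingA", "CreateMutexA",
                  "CreateThread", "MapViewOfFile", "SetUnhandledExceptionFilter",
                  "WriteFile"]),                                               # truncated
    ("user32", ["BringWindowToTop", "SendDlgItemMessageA", "UnregisterClassA"]),
]


def normalize_import_strings(imports):
    """Return the 'lib.symbol' strings that imphash is computed over, using the
    normalisation pefile applies: library name lower-cased with a trailing
    .dll/.ocx/.sys removed, symbol lower-cased, and an ordinal-only import
    (given here as an int) rendered as 'ordN'. pefile additionally maps
    ordinals of oleaut32/ws2_32/wsock32 to symbol names; none of those modules
    appear in this report, so that lookup table is left out."""
    out = []
    for lib, symbols in imports:
        lib = lib.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for sym in symbols:
            if isinstance(sym, int):
                sym = "ord%d" % sym
            out.append("%s.%s" % (lib, sym.lower()))
    return out


def imphash(imports):
    """MD5 over the comma-joined normalised strings, in import-table order.
    Order matters: the same symbols linked in a different order hash differently,
    which is why imphash clusters builds of one toolchain/project rather than
    identifying a specific binary."""
    joined = ",".join(normalize_import_strings(imports))
    return hashlib.md5(joined.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for s in normalize_import_strings(REPORT_IMPORTS)[:5]:
        print(s)
    print("imphash (truncated table, illustrative):", imphash(REPORT_IMPORTS))
```

Because the digest is order-sensitive and ignores everything except DLL and symbol names, treat an imphash match as a clustering hint (same linker, same project skeleton), never as proof that two files are the same build, and treat a mismatch as meaningless when the import table is tiny or has been rebuilt by a packer.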
Exports (none listed on this page, although the section table below shows a populated .edata export section with an 88-byte virtual size)
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 248B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: 0B (no raw data; uninitialized) - Virtual size: 2KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
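Two items in this report, the Unsigned PE signature (an empty security data directory) and the section table, come straight from the PE headers and can be reproduced without running the sample. The block below is an added example, not the sandbox's or the sample's code: it constructs a header-only PE32 whose file characteristics and section table mirror the values listed above (byte sizes are the KB figures shown, so it is a constructed stand-in, not the real file), parses it, and audits it for the DLL flag, absence of an embedded Authenticode signature, sections that are both writable and executable, writable .idata/.edata (both are flagged here, as the listing above shows), and duplicate section names (the three .data sections above). The IMAGE_* constants are the winnt.h values; build_pe32, parse_pe32, has_embedded_signature and audit are this example's own names.

```python
import struct

# Constants from winnt.h (fixed by the PE specification)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_BYTES_REVERSED_LO = 0x0080
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # Authenticode signature blob (file offset, size)

KB = 1024
R, W, X = IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE
CODE, INIT, UNINIT = IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA

# CONSTRUCTED sample modelled on the report's file characteristics and section table:
# (name, raw size, virtual size, flags). Sizes are the KB figures the report shows,
# not the real file's exact byte counts.
SAMPLE_CHARS = (IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_BYTES_REVERSED_LO
                | IMAGE_FILE_32BIT_MACHINE | IMAGE_FILE_DLL)
SAMPLE_SECTIONS = [
    (".text", 121 * KB, 120 * KB, CODE | X | R),
    (".data", 20 * KB, 19 * KB, INIT | R),
    (".idata", 5 * KB, 5 * KB, INIT | R | W),
    (".edata", 512, 88, INIT | R | W),
    (".data", 512, 248, INIT | R | W),
    (".data", 2 * KB, 2 * KB, INIT | R | W),
    (".bss", 0, 2 * KB, UNINIT | R | W),
    (".reloc", 8 * KB, 7 * KB, INIT | IMAGE_SCN_MEM_DISCARDABLE | R),
]


def build_pe32(file_characteristics, sections, security_size=0):
    """Emit a header-only PE32 image (DOS header, NT headers, section table).
    Only the fields the parser reads are populated; the result is not loadable."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, file_characteristics)
    opt = struct.pack("<HBB", 0x10B, 0, 0) + bytes(88) + struct.pack("<I", 16)  # 96-byte PE32 header
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000 if security_size else 0, security_size)
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000 * (i + 1), raw, 0, 0, 0, 0, 0, flags)
        for i, (name, raw, vsize, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + opt + table


def parse_pe32(data):
    """Walk DOS header -> NT headers -> data directories -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("NT signature missing")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) optional headers are handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]                 # NumberOfRvaAndSizes
    dirs = [struct.unpack_from("<II", data, opt + 96 + 8 * i) for i in range(ndirs)]
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, raw, *_, flags = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "raw": raw, "virtual": vsize, "flags": flags})
    return {"machine": machine, "characteristics": chars, "dirs": dirs, "sections": sections}


def is_dll(pe):
    return bool(pe["characteristics"] & IMAGE_FILE_DLL)


def has_embedded_signature(pe):
    """What the report's 'Unsigned PE' rule tests: a non-empty security directory."""
    dirs = pe["dirs"]
    return len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY and dirs[IMAGE_DIRECTORY_ENTRY_SECURITY][1] != 0


def audit(pe):
    """Header-level findings a triage analyst would want before running the file."""
    findings = ["file type: %s" % ("DLL" if is_dll(pe) else "EXE")]
    if not has_embedded_signature(pe):
        findings.append("unsigned PE: security data directory is empty (no embedded Authenticode)")
    seen = set()
    for s in pe["sections"]:
        f = s["flags"]
        if f & W and f & X:
            findings.append("%s is writable and executable" % s["name"])
        if s["name"] in (".idata", ".edata") and f & W:
            findings.append("%s (import/export table) is writable" % s["name"])
        if s["name"] in seen:
            findings.append("duplicate section name %s" % s["name"])
        seen.add(s["name"])
        if s["raw"] == 0 and not f & UNINIT:
            findings.append("%s has no file data but is not flagged uninitialized" % s["name"])
    return findings


if __name__ == "__main__":
    pe = parse_pe32(build_pe32(SAMPLE_CHARS, SAMPLE_SECTIONS))
    for s in pe["sections"]:
        print("%-7s raw=%6d virtual=%6d flags=0x%08x" % (s["name"], s["raw"], s["virtual"], s["flags"]))
    for line in audit(pe):
        print("-", line)
```

On a real file, `audit(parse_pe32(open(path, "rb").read()))` gives the same findings. An empty security directory only means there is no embedded signature: Windows may still trust the file through a catalog signature, and a populated directory says nothing about whether the signature is valid or the signer trusted, so confirm with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature` before drawing conclusions. A writable .idata/.edata and repeated .data sections, as in this sample, are typical of some older non-Microsoft linkers rather than a sign of tampering by themselves, but they are worth noting because they make the import and export tables patchable at run time.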