Static task
static1
Behavioral task
behavioral1
Sample
2eb95aec8823cd78a4edb7368577f4cb_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2eb95aec8823cd78a4edb7368577f4cb_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 2eb95aec8823cd78a4edb7368577f4cb_JaffaCakes118
Size: 195KB
MD5: 2eb95aec8823cd78a4edb7368577f4cb
SHA1: 0f4bbec3f553aa8094d9bf7d4243fd86373265eb
SHA256: 1e489ee98dd914c59f3fe1320e0365f438157213c1551eb114baa2b61aa9e9e7
SHA512: fb30dccfe5f2c81a232eec24218dc99e2fb171bbeb49d4c2ac7eec24ac345a93895f193e91a01fb165124b025695e01b779325adab07581646de52fef29869a0
SSDEEP: 6144:4XnEsfOz5Kmz8dYZ/Nx9PAtEFbNIxhCkfvKg:4ROtKmz8ARAtDxhCkfvKg
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2eb95aec8823cd78a4edb7368577f4cb_JaffaCakes118
Files
2eb95aec8823cd78a4edb7368577f4cb_JaffaCakes118.exe windows:4 windows x86 arch:x86
3012d7eb8d0d79a9754411502437a087
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetCurrentProcess
GetFileInformationByHandle
FindClose
FreeEnvironmentStringsA
GetVersionExW
GlobalUnlock
GetCurrentThreadId
HeapFree
GlobalHandle
GetEnvironmentVariableW
FormatMessageW
GetEnvironmentStrings
SetHandleCount
EnterCriticalSection
HeapAlloc
FindResourceExW
HeapDestroy
GlobalLock
DeleteCriticalSection
InterlockedDecrement
GetLocalTime
lstrcmpiW
GetSystemTime
WriteConsoleW
GetStdHandle
InterlockedIncrement
VirtualAlloc
MulDiv
CreateFileW
LoadLibraryA
TlsFree
GetModuleFileNameA
DebugBreak
IsDebuggerPresent
ExitThread
GetModuleFileNameW
GetStringTypeA
InterlockedCompareExchange
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualProtect
MultiByteToWideChar
TryEnterCriticalSection
GetModuleHandleA
FreeLibrary
InterlockedExchange
FreeEnvironmentStringsW
lstrlenA
CreateProcessW
ExpandEnvironmentStringsW
CreateEventW
GetProcAddress
msvcrt
iswspace
_amsg_exit
__p__fmode
wcschr
??3@YAXPAX@Z
??1type_info@@UAE@XZ
advapi32
DuplicateTokenEx
CryptHashData
RegCloseKey
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
FreeSid
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
CryptCreateHash
GetUserNameW
CryptReleaseContext
CryptAcquireContextW
RegDeleteValueA
shlwapi
PathMatchSpecW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyA
wvnsprintfW
wnsprintfA
wnsprintfW
PathRemoveFileSpecW
StrStrW
user32
ClientToScreen
GetDlgCtrlID
EndDialog
GetDlgItem
SendMessageW
GetWindowPlacement
DestroyWindow
DispatchMessageA
OpenWindowStationA
ToUnicode
FindWindowExA
CloseDesktop
GetForegroundWindow
GetCursorPos
SetProcessWindowStation
GetWindowTextA
LoadCursorA
aclui
CreateSecurityPage
Sections
.text Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 22KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ