2f97ea3c55289a104b770579b142a652_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f97ea3c55289a104b770579b142a652_JaffaCakes118
Size

72KB
MD5

2f97ea3c55289a104b770579b142a652
SHA1

72a0c5de73f663b939282aaef1170851ee103ebb
SHA256

62a384610ea98e443241f6874b752f663251c20a7f30a7c29f83b2da6b1fa08b
SHA512

edc12b34c04f2cd6bf0bce7967e7c2c6849439b693ce80ee7bacb32c3f390505f354ef8463f1ffd6374a7abc361f7d4647075d178cd5c6f22ed5bcbaee019d0f
SSDEEP

1536:VbvO2TgylH7mEUPnFeU7JQ9wAMNZzJi2vdVdPAhS3:VbWqfH7cfF777AMNZzJiSH3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f97ea3c55289a104b770579b142a652_JaffaCakes118

Files

2f97ea3c55289a104b770579b142a652_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3dd27bc15df2286167f078ee9926935b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

modemui

drvCommConfigDialogA
CountryRunOnce
drvGetDefaultCommConfigA

msimg32

vSetDdrawflag
TransparentBlt
GradientFill
AlphaBlend

shlwapi

UrlCombineA
UrlIsNoHistoryW
UrlUnescapeA
UrlCanonicalizeA
UrlHashA
UrlEscapeA
UrlIsOpaqueA
PathCombineA
UrlCreateFromPathA
UrlIsA
PathCompactPathA

user32

IsDialogMessageA
DrawIcon
DialogBoxParamA
LoadCursorA
GetWindowLongA
GetPropA
GetCaretPos
LoadImageA
PostMessageA
IsWindow
SetCursorPos
DispatchMessageA

advapi32

ControlService
RegEnumValueA
IsValidSid
RegFlushKey
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
IsTextUnicode
RegQueryValueA
CreateServiceA
InitializeSid
IsValidSecurityDescriptor
ClearEventLogA
RegDeleteValueA

nddeapi

NDdeShareAddA
NDdeShareSetInfoA
NDdeShareGetInfoA

kernel32

GetGeoInfoA
ReadFile
GetConsoleTitleA
GetModuleHandleA
GetPrivateProfileIntA
GetDateFormatA
GetProcessId
FormatMessageA
lstrcpynA
HeapValidate
GetStringTypeA
DeviceIoControl
GetBinaryTypeW
GetPrivateProfileStructW
VirtualAllocEx
GetComputerNameA
SetFilePointer
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentProcess
WaitForSingleObject
GetNumberFormatW
GetTimeFormatA
GetVersionExA
CloseHandle
GetProcessHeap
CreateDirectoryA
GetFullPathNameA
CreateNamedPipeA

certcli

CAEnumFirstCA
CACloseCA
CADeleteCA
CACloseCertType

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 881B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dd27bc15df2286167f078ee9926935b

Headers

DLL Characteristics

File Characteristics

Imports

modemui

msimg32

shlwapi

user32

advapi32

nddeapi

kernel32

certcli

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 881B

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 881B

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 12KB - Virtual size: 12KB