9006ee2d0014b4aec1e1716c14ce208f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9006ee2d0014b4aec1e1716c14ce208f_JaffaCakes118
Size

191KB
MD5

9006ee2d0014b4aec1e1716c14ce208f
SHA1

59d6433990b26f5fe8e56945c9f5f0f9e6baf699
SHA256

0212e33dee80b3e7f1df74d8c5f5dcb48885e379d1a6c44cca4aa59f5296d78b
SHA512

e3d45ffc9bee5825f284fdf8d82bd353c24b7e6bfaca2b5475627dcb183c9786d6cd08f8379b76941f78cbb748bfcb2c058271df58d8ea775be6ec0ebf409641
SSDEEP

3072:0PHffjfzZ7fHlD47/T3BdCnCF2HwUcDbR+FZjRh2jBDveRhL57XFlE7pCU5gPh3y:6Hffjf17fHls7/zvCnw2oR+FZD2NDqLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9006ee2d0014b4aec1e1716c14ce208f_JaffaCakes118

Files

9006ee2d0014b4aec1e1716c14ce208f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db8be5bf1da7e84d8255e5a10c9a6b1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

ole32

StringFromCLSID
CreateItemMoniker
CoRevokeClassObject
CreateStreamOnHGlobal
CoTaskMemFree
CoFreeUnusedLibraries
GetRunningObjectTable
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx
CoRegisterClassObject
CLSIDFromString
StringFromGUID2
CoTaskMemAlloc

user32

MsgWaitForMultipleObjects
CreateWindowExA
wvsprintfA
RegisterWindowMessageA
wsprintfA
GetQueueStatus
DispatchMessageA
PostThreadMessageA
CopyRect
LoadStringA
PeekMessageA
GetMessageA
RegisterClassA
MonitorFromWindow
DestroyWindow

winmm

timeGetDevCaps
timeBeginPeriod
timeGetTime
timeEndPeriod

kernel32

GetLastError
ResumeThread
IsBadReadPtr
VirtualFree
EnterCriticalSection
LoadLibraryA
Sleep
InitializeCriticalSection
CreateFiberEx
CreateMutexA
IsBadWritePtr
HeapFree
LockResource
MultiByteToWideChar
ClearCommError
CloseHandle
GetSystemTimeAsFileTime
GetCurrentThread
ReleaseMutex
CreateSemaphoreA
DisableThreadLibraryCalls
WaitForMultipleObjects
VirtualAlloc
LeaveCriticalSection
GetCurrentThreadId
EnumResourceNamesA
LoadLibraryW
SetThreadPriority
LoadResource
GetThreadPriority
GetSystemTime
InterlockedIncrement
WaitForSingleObject
GetExitCodeThread
GetProcAddress
GetSystemInfo
TerminateThread
WideCharToMultiByte
GetModuleFileNameA
FatalExit
FindResourceA
GetCurrentProcessId
DeleteCriticalSection
InterlockedDecrement
lstrlenA
GetProcessHeap
CreateThread
SetEvent
ReleaseSemaphore
GetModuleFileNameW
GetVersionExA
FreeLibrary
GlobalAlloc
LocalFree
GetACP
CreateEventA
GetTickCount
ResetEvent
CreateFileW
QueryPerformanceCounter
ExitProcess

advapi32

RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetValueA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyExA
RegEnumKeyExA

quartz

AMGetErrorTextW

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lib
Size: 512B - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db8be5bf1da7e84d8255e5a10c9a6b1c

Headers

File Characteristics

Imports

ole32

user32

winmm

kernel32

advapi32

quartz

shell32

Sections

.text Size: 163KB - Virtual size: 163KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 22KB - Virtual size: 22KB

.lib Size: 512B - Virtual size: 224KB

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 22KB - Virtual size: 22KB

.lib
Size: 512B - Virtual size: 224KB