Static task
static1
Behavioral task
behavioral1
Sample
c2400fd31f1aff470562f31353bbf62b_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
c2400fd31f1aff470562f31353bbf62b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: c2400fd31f1aff470562f31353bbf62b_JaffaCakes118
Size: 307KB
MD5: c2400fd31f1aff470562f31353bbf62b
SHA1: 998dedcea2b680405a454a053e7c4dfeb5cc1a4e
SHA256: 575a5b55198882624e04ba01a84fed2851860f176bb0817f1c227572e42047be
SHA512: d76b51fadb886d36ebec38163694ba8d74ed8305236e34e4b70c369ed951cc4e233d7a92198fee4e2887c58d56ed5033a58999c31735b018482beb0b168f8061
SSDEEP: 6144:ZVi/m/KbBXmKl5F0h9jIjVCObB2aFQe3Hf66OJ4ruRFj6x/99+:i+/kzvF0vIjVCObhFx3Hf66tAFj6x/94
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c2400fd31f1aff470562f31353bbf62b_JaffaCakes118
Files
c2400fd31f1aff470562f31353bbf62b_JaffaCakes118.exe windows:4 windows x86 arch:x86
49369bc00a6955fe7011cfb59aff52f8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
oleaut32
SysAllocStringLen
SysFreeString
RegisterTypeLi
SafeArrayUnlock
SysStringByteLen
SafeArrayGetUBound
LoadRegTypeLi
SafeArrayGetLBound
VarBstrCmp
SafeArrayLock
VariantInit
VariantClear
SafeArrayGetVartype
GetErrorInfo
SafeArrayDestroy
SysAllocStringByteLen
SysAllocString
SysStringLen
VarBstrCat
UnRegisterTypeLi
LoadTypeLi
user32
CharNextW
shlwapi
PathIsRelativeW
PathFindExtensionW
PathIsURLW
PathFindFileNameW
PathCanonicalizeW
PathRemoveExtensionW
PathCombineW
PathRemoveFileSpecW
PathStripToRootW
PathRenameExtensionW
PathFileExistsW
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ole32
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
StringFromCLSID
CoCreateFreeThreadedMarshaler
kernel32
GlobalUnlock
FreeLibrary
UnhandledExceptionFilter
SwitchToThread
ReadFile
lstrlenW
SetThreadLocale
CreateFileW
GetProcessHeap
GetFullPathNameW
LeaveCriticalSection
HeapDestroy
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
FindResourceExW
GetCurrentThreadId
LoadResource
GlobalAlloc
RaiseException
FindResourceW
GetFileSize
GetSystemTimeAsFileTime
EnterCriticalSection
CopyFileW
OutputDebugStringW
SizeofResource
HeapAlloc
GlobalFree
HeapSize
DeleteCriticalSection
DeleteFileW
IsDebuggerPresent
CloseHandle
IsDBCSLeadByteEx
GlobalLock
GlobalSize
GlobalReAlloc
HeapReAlloc
GetThreadLocale
HeapFree
GetTempFileNameW
IsProcessorFeaturePresent
LockResource
GetCurrentDirectoryW
VirtualAllocEx
lstrcmpA
security
ExportSecurityContext
UnsealMessage
QuerySecurityContextToken
AcquireCredentialsHandleW
ImportSecurityContextA
msrle32
DriverProc
Sections
.text Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ