ed06a940eb60814d18123c5162150704_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ed06a940eb60814d18123c5162150704_JaffaCakes118
Size

101KB
MD5

ed06a940eb60814d18123c5162150704
SHA1

6fd530070ba9ad60c6fdfa7b60b097d4ddcb7cf3
SHA256

149b55ab1bab2546b67f65634e632dab3e0bc516b2074d6c36e36666167a67f1
SHA512

af0aa000ec5d693ece4519ef71e17179d87e3123ca60cbba4d4bba4a8d37eccc330484769a9e495a2ea660fef6868621ecf3f899d93456e84f0b07fcac86a58e
SSDEEP

1536:KYcgjToGbcnHLRWt7g37Gr03Bo780DVmGaRe7rHQDmIqYKAeV3HUwyGP6bS5:N3owuRWt727fC7rIRsjQDeY5i3HHpy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed06a940eb60814d18123c5162150704_JaffaCakes118

Files

ed06a940eb60814d18123c5162150704_JaffaCakes118
.exe windows:5 windows x86 arch:x86

478a6fa457d14dc2831d2f8adb3c0921

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey

kernel32

InterlockedIncrement
LocalReAlloc
GetStartupInfoA
lstrcpyW
LocalFree
IsBadReadPtr
SetUnhandledExceptionFilter
lstrcmpiW
GlobalAlloc
LoadLibraryW
GetTickCount
SetLastError
InitializeCriticalSection
GetComputerNameW
GetSystemDefaultLangID
GlobalUnlock
WideCharToMultiByte
OutputDebugStringW
GetDateFormatW
FormatMessageW
FileTimeToLocalFileTime
RemoveDirectoryA
GetModuleHandleA
GetACP
FileTimeToSystemTime
CloseHandle
GetSystemWindowsDirectoryW
QueryPerformanceCounter
GlobalLock
InterlockedDecrement
GetLastError
CreateFileW
GetEnvironmentStringsW
GetModuleFileNameW
GlobalFree
OutputDebugStringA
GetSystemTimeAsFileTime
GetCurrentProcess
DeleteCriticalSection
lstrlenW

msvcrt

vswprintf
_initterm
_wcsicmp
memmove
__dllonexit
wcslen
?terminate@@YAXXZ
??2@YAPAXI@Z
wcscat
??1type_info@@UAE@XZ
free
wcsstr
_onexit
wcstoul
_adjust_fdiv
??3@YAXPAX@Z
wcscpy
mbstowcs
wcschr
_purecall
__RTDynamicCast
malloc
_except_handler3
wcscmp
_wcsupr
wcsrchr

user32

SetFocus
SystemParametersInfoW
EndDialog
GetWindowLongW
LoadCursorW
GetDC
SetCursor
ReleaseDC
DialogBoxParamW
WinHelpW
LoadStringW
LoadBitmapW
SetWindowLongW
RegisterClipboardFormatW
GetDlgItemTextA
SetDlgItemTextW
SetWindowTextW
PostMessageW
GetDlgItem
LoadImageW
InsertMenuItemW
wsprintfW
GetParent
MessageBoxW
EnableWindow
SendMessageW
SendDlgItemMessageW
LoadIconW

certcli

CAGetCertTypePropertyEx
CAGetCertTypeExtensions
CARemoveCACertificateType
CAFindCertTypeByName
CAGetCertTypeProperty
CASetCertTypeKeySpec
CACreateCertType
CASetCertTypeProperty
CAEnumCertTypesForCA
CAFindByName
CACloseCA
CASetCertTypeExtension
CAGetCAProperty
CACertTypeGetSecurity
CAFreeCAProperty
CAFreeCertTypeExtensions
CACloseCertType
CAGetCertTypeFlags
CAEnumCertTypes
CAUpdateCA
CASetCertTypeFlags
CAUpdateCertType
CACertTypeSetSecurity
CAAddCACertificateType
CAEnumNextCertType
CAGetCertTypeKeySpec
CAFreeCertTypeProperty

comctl32

CreatePropertySheetPageW
PropertySheetW

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

478a6fa457d14dc2831d2f8adb3c0921

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

certcli

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 71KB

.rsrc Size: 23KB - Virtual size: 22KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 71KB

.rsrc
Size: 23KB - Virtual size: 22KB