f2c080afbc93050f8e33ee20b97e5d14_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f2c080afbc93050f8e33ee20b97e5d14_JaffaCakes118
Size

252KB
MD5

f2c080afbc93050f8e33ee20b97e5d14
SHA1

2907be4d7517d063370f36febfb040b3dfc4f360
SHA256

e6bcbd6d8cf5c92393030924a1edba9b4bd620c344703f9bbce4f7f63157f4e0
SHA512

e22652d95ecc99b2288225d8d22b621df382963c1b264138b6f97b32a74a1c336224e4e10600e3ae29b049ba88512f7819ff34703fd3d66a76d9de1cae4f0c55
SSDEEP

6144:Scjr0I/BsJpbrD/GLswD3LD6a5VAAnK0KRp7i:Scv01brbGLspa0f0KRp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2c080afbc93050f8e33ee20b97e5d14_JaffaCakes118

Files

f2c080afbc93050f8e33ee20b97e5d14_JaffaCakes118
.exe windows:4 windows x86 arch:x86

88c7d01060658968f705f99024621ebf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString

kernel32

CreateThread
RemoveDirectoryA
MapViewOfFile
FindNextChangeNotification
OpenProcess
LockResource
HeapAlloc
TlsGetValue
EnterCriticalSection
FormatMessageA
CreateEventA
FindClose
CreateDirectoryA
ResumeThread
GetSystemTimeAsFileTime
WaitForMultipleObjects
LeaveCriticalSection
UnmapViewOfFile
FindResourceExA
FindFirstFileA
CreateFileMappingA
SizeofResource
LoadResource
HeapDestroy
HeapFree
ReleaseSemaphore
FindNextFileA
WideCharToMultiByte
HeapSize
CloseHandle
GetCurrentThreadId
GetACP
WaitForSingleObject
DeleteCriticalSection
CreateSemaphoreA
DeleteFileA
GetProcessHeap
FindCloseChangeNotification
LocalFree
GetSystemTime
RaiseException
ReleaseMutex
CreateMutexA
OpenFileMappingA
lstrlenA
HeapReAlloc
TlsSetValue
GetThreadLocale
FindResourceA
FindFirstChangeNotificationA
LocalAlloc
CompareFileTime
VirtualAlloc

advapi32

CryptAcquireContextA
RegCloseKey
ControlService
OpenServiceW
OpenServiceA
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyA
QueryServiceStatus
QueryServiceStatusEx
StartServiceA
CryptGenRandom
CryptReleaseContext
CloseServiceHandle

user32

wsprintfA

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

oleaut32

SystemTimeToVariantTime
VarUdateFromDate
VariantTimeToSystemTime

shlwapi

PathIsURLA
PathIsUNCA

resutils

ResUtilCreateDirectoryTree
ResUtilEnumResources
ResUtilSetExpandSzValue
ResUtilGetAllProperties
ResUtilSetPropertyTableEx
ResUtilGetResourceDependencyByName
ResUtilVerifyPropertyTable
ResUtilGetResourceDependentIPAddressProps
ResUtilVerifyPrivatePropertyList

fontext

DllCanUnloadNow

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 227KB - Virtual size: 825KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c7d01060658968f705f99024621ebf

Headers

File Characteristics

Imports

ole32

kernel32

advapi32

user32

rpcrt4

oleaut32

shlwapi

resutils

fontext

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 227KB - Virtual size: 825KB

.rsrc Size: 2KB - Virtual size: 5KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 227KB - Virtual size: 825KB

.rsrc
Size: 2KB - Virtual size: 5KB