JaffaCakes118_134b145d47f98d798eb3a8fb5cd9cceb

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_134b145d47f98d798eb3a8fb5cd9cceb
Size

212KB
MD5

134b145d47f98d798eb3a8fb5cd9cceb
SHA1

399f484e88e4198b288882099efc044f0360d695
SHA256

488213906a32915e344b05e438d89813c47427054d91a2bb24f6f99837745fd5
SHA512

e25cf532ccf6649292d7111ee2467298bb541e2d938baf48e5a1a167347032dccd3464e1f57cafddab705dd17cb9c82e3f8ae2cbd2c25452420918c4455bf578
SSDEEP

6144:VavW/yVqtW23YmejTb9douEWLCUys0RO:gvLR7TDoz4CDse

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_134b145d47f98d798eb3a8fb5cd9cceb

Files

JaffaCakes118_134b145d47f98d798eb3a8fb5cd9cceb
.exe windows:4 windows x86 arch:x86

2da30ccd73ae658516f9d92f6082d608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenW
GetLocalTime
CreateNamedPipeW
GetACP
HeapCreate
SystemTimeToFileTime
LoadLibraryA
CreateMailslotA
TlsAlloc
CreateDirectoryW
OpenEventW
ExitProcess
GetFullPathNameW
GetLogicalDriveStringsW
lstrcmpi
EnumCalendarInfoW
DosDateTimeToFileTime
CreateMutexA
lstrcmpiW
CompareStringA
BeginUpdateResourceA
WaitForSingleObject
ReplaceFileA
GetFileAttributesA
GlobalGetAtomNameA
ExpandEnvironmentStringsW
AddAtomW
lstrcpynA
GetProcAddress
GetComputerNameA
GetMailslotInfo
OpenMutexA
GetVolumeInformationA
FreeResource
SetUnhandledExceptionFilter
GetVersionExA
GetHandleInformation
GetCurrentDirectoryW
FindResourceW
GetTempPathA
FindResourceA
LocalAlloc

user32

RemoveMenu
UnregisterClassA
LoadBitmapA
SetCursorPos
GetWindowTextW
LoadCursorA
DefWindowProcA
wvsprintfW
GetMenuItemCount
RegisterClassA
IsCharUpperA
CreatePopupMenu
SetMenu
FillRect
GetDC
PostMessageA

gdi32

GetDIBits
EnumObjects
GetTextExtentExPointI
SetWinMetaFileBits
GetEnhMetaFileDescriptionA
GetCharABCWidthsA
PtInRegion
CreateDIBSection
GetMiterLimit
GetTextMetricsA
FontIsLinked
GetGraphicsMode

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCreateKeyW
RegSaveKeyA
RegCreateKeyExW
RegQueryInfoKeyW

shlwapi

SHRegSetPathW
PathCompactPathA
PathIsFileSpecA
SHRegEnumUSKeyA
UrlIsW
SHRegDeleteUSValueW
StrSpnW
PathBuildRootW
SHRegGetPathW
SHDeleteValueW
PathAddExtensionW
PathGetDriveNumberW
PathUndecorateW
PathRemoveFileSpecA
StrFormatByteSizeA
UrlCombineA

comctl32

ImageList_Duplicate
ImageList_DrawIndirect
InitMUILanguage
ImageList_BeginDrag
ImageList_LoadImageA
InitializeFlatSB

version

VerInstallFileW
VerLanguageNameW
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGoOnlineW
FtpSetCurrentDirectoryW
InternetCloseHandle
FtpGetFileSize
CommitUrlCacheEntryA
SetUrlCacheHeaderData
HttpOpenRequestA
InternetLockRequestFile
InternetWriteFileExA
ShowX509EncodedCertificate
InternetQueryOptionA
HttpSendRequestW
FtpRenameFileA
GopherOpenFileA
InternetTimeFromSystemTime
InternetHangUp
InternetOpenUrlW
FindFirstUrlCacheEntryW
DeleteUrlCacheGroup

winspool.drv

DeletePrinterDriverExA
AddPrinterConnectionW

crypt32

CertEnumCRLsInStore
CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptVerifyMessageSignatureWithKey
I_CryptGetLruEntryIdentifier
CertDuplicateCTLContext
CryptSIPCreateIndirectData
CertAddCTLLinkToStore
CertUnregisterSystemStore
CryptImportPublicKeyInfoEx
CryptSignMessage
CryptHashToBeSigned
CertFindCTLInStore
CryptSIPRemoveProvider
CryptDecryptMessage
CryptVerifyCertificateSignatureEx
CryptSIPAddProvider
CryptDecodeObject
CryptGetKeyIdentifierProperty

Sections

.j
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kJGTo
Size: 3KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jlbS
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SOV
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Bmkbj
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Uj
Size: 1024B - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dMYm
Size: 4KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.WwMKI
Size: 2KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wo
Size: 4KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IbJKtH
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2da30ccd73ae658516f9d92f6082d608

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

comctl32

version

wininet

winspool.drv

crypt32

Sections

.j Size: 1KB - Virtual size: 1KB

.kJGTo Size: 3KB - Virtual size: 90KB

.jlbS Size: 83KB - Virtual size: 82KB

.SOV Size: 13KB - Virtual size: 13KB

.Bmkbj Size: 3KB - Virtual size: 4KB

.Uj Size: 1024B - Virtual size: 312KB

.dMYm Size: 4KB - Virtual size: 25KB

.WwMKI Size: 2KB - Virtual size: 246KB

.wo Size: 4KB - Virtual size: 220KB

.IbJKtH Size: 83KB - Virtual size: 83KB

.data Size: 5KB - Virtual size: 127KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 1024B - Virtual size: 1024B

.j
Size: 1KB - Virtual size: 1KB

.kJGTo
Size: 3KB - Virtual size: 90KB

.jlbS
Size: 83KB - Virtual size: 82KB

.SOV
Size: 13KB - Virtual size: 13KB

.Bmkbj
Size: 3KB - Virtual size: 4KB

.Uj
Size: 1024B - Virtual size: 312KB

.dMYm
Size: 4KB - Virtual size: 25KB

.WwMKI
Size: 2KB - Virtual size: 246KB

.wo
Size: 4KB - Virtual size: 220KB

.IbJKtH
Size: 83KB - Virtual size: 83KB

.data
Size: 5KB - Virtual size: 127KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 1024B - Virtual size: 1024B