JaffaCakes118_2cd208f2506e267ab534ba3afa7fa448

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_2cd208f2506e267ab534ba3afa7fa448
Size

286KB
MD5

2cd208f2506e267ab534ba3afa7fa448
SHA1

190153e296dd3e9d63640f161d5d07af90d8f7a6
SHA256

5a408dd275f830f4c7796eb5dfd674c9bd5ffdc42ebc9afc0d83bd186b4ccb1f
SHA512

a8a037f47526fbb30b2a2424c231468d791cee0cd8f3698a1c94b963ce2ace97fb5930dc76e3b3f310a75dad15db0a2ae1c2a700cba5135bac0d15c1953f2c37
SSDEEP

6144:0zdQANkh/dV/JxzVCn/GdqN/fYFDVAFCacgh:kWKkhvH5QtN/ACNPh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_2cd208f2506e267ab534ba3afa7fa448

Files

JaffaCakes118_2cd208f2506e267ab534ba3afa7fa448
.exe windows:4 windows x86 arch:x86

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayCopy
SafeArrayGetLBound
SysAllocString
VariantCopy
SafeArrayGetUBound
SafeArrayLock
GetErrorInfo
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayUnlock

kernel32

GetSystemTimeAsFileTime
MapViewOfFile
GetFullPathNameA
CreateEventA
UnmapViewOfFile
CreateMutexA
EnterCriticalSection
FreeLibrary
FindResourceExA
HeapFree
FindResourceA
FindClose
MoveFileA
DeleteCriticalSection
RemoveDirectoryA
FindFirstFileA
PulseEvent
LocalAlloc
FindNextFileA
WriteFile
HeapSize
CreateSemaphoreA
CreateFileMappingA
FormatMessageA
DeleteFileA
ReleaseMutex
WaitForMultipleObjects
LockResource
GetUserDefaultLCID
ReleaseSemaphore
SetProcessWorkingSetSize
TlsGetValue
GetProcessHeap
SetFilePointer
SetFileAttributesA
GetThreadLocale
lstrcmpiA
ReadFile
OpenEventA
HeapReAlloc
LoadResource
LCMapStringA
WideCharToMultiByte
HeapDestroy
CreateDirectoryA
WaitForSingleObject
TlsSetValue
HeapAlloc
lstrlenA
OpenProcess
GetACP
GetModuleHandleA
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
lstrlenW
CreateFileA
SizeofResource
OpenFileMappingA
CopyFileA
RaiseException
LocalFree
LoadLibraryW
VirtualAlloc

user32

ExitWindowsEx
wsprintfA
LoadStringA

rpcrt4

RpcStringFreeA
UuidFromStringA
UuidToStringA

mpr

WNetAddConnection2A
WNetCancelConnection2A

esent

JetCreateTable
JetBeginTransaction
JetAddColumn
JetDeleteColumn
JetGetLogInfo
JetEndExternalBackup
JetAttachDatabase2
JetGetSystemParameter
JetResetTableSequential
JetGetLogInfoInstance
JetOSSnapshotFreeze
JetUpdate
JetReadFileInstance
JetGrowDatabase
JetDefragment
JetSetDatabaseSize
JetDelete
JetIdle
JetCompact
JetMakeKey
JetReadFile

netplwiz

DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

Imports

shlwapi

ole32

oleaut32

kernel32

user32

rpcrt4

mpr

esent

netplwiz

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 245KB - Virtual size: 1.1MB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 245KB - Virtual size: 1.1MB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB