JaffaCakes118_72fd9ce404912f347f8bf15ccd46544e

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_72fd9ce404912f347f8bf15ccd46544e
Size

286KB
MD5

72fd9ce404912f347f8bf15ccd46544e
SHA1

b2e94b53d3f6a7dc4119e70c2f6c8bd945b3663a
SHA256

06b98ae6e0f0df4e0e186c7c1c8d3ec4bc19fe245160af674794d05d73a28a39
SHA512

c222a420291ee95a67ac406afc8f85028da7ecb054bb0f6c490bb2f00c23dbf3ebec35d08bfec840d24c5683ebe68e3ef4ae9e7b0d7f80e489c05e2f040970b6
SSDEEP

6144:kzdQANkh/dV/JxzVCn/GdqN/fYFDVAFCacgh:0WKkhvH5QtN/ACNPh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_72fd9ce404912f347f8bf15ccd46544e

Files

JaffaCakes118_72fd9ce404912f347f8bf15ccd46544e
.exe windows:4 windows x86 arch:x86

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsUNCA

ole32

CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayCopy
SafeArrayGetLBound
SysAllocString
VariantCopy
SafeArrayGetUBound
SafeArrayLock
GetErrorInfo
VariantChangeType
VariantClear
SysFreeString
SysAllocStringLen
VariantInit
SafeArrayDestroy
SafeArrayUnlock

kernel32

GetSystemTimeAsFileTime
MapViewOfFile
GetFullPathNameA
CreateEventA
UnmapViewOfFile
CreateMutexA
EnterCriticalSection
FreeLibrary
FindResourceExA
HeapFree
FindResourceA
FindClose
MoveFileA
DeleteCriticalSection
RemoveDirectoryA
FindFirstFileA
PulseEvent
LocalAlloc
FindNextFileA
WriteFile
HeapSize
CreateSemaphoreA
CreateFileMappingA
FormatMessageA
DeleteFileA
ReleaseMutex
WaitForMultipleObjects
LockResource
GetUserDefaultLCID
ReleaseSemaphore
SetProcessWorkingSetSize
TlsGetValue
GetProcessHeap
SetFilePointer
SetFileAttributesA
GetThreadLocale
lstrcmpiA
ReadFile
OpenEventA
HeapReAlloc
LoadResource
LCMapStringA
WideCharToMultiByte
HeapDestroy
CreateDirectoryA
WaitForSingleObject
TlsSetValue
HeapAlloc
lstrlenA
OpenProcess
GetACP
GetModuleHandleA
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
lstrlenW
CreateFileA
SizeofResource
OpenFileMappingA
CopyFileA
RaiseException
LocalFree
LoadLibraryW
VirtualAlloc

user32

ExitWindowsEx
wsprintfA
LoadStringA

rpcrt4

RpcStringFreeA
UuidFromStringA
UuidToStringA

mpr

WNetAddConnection2A
WNetCancelConnection2A

esent

JetCreateTable
JetBeginTransaction
JetAddColumn
JetDeleteColumn
JetGetLogInfo
JetEndExternalBackup
JetAttachDatabase2
JetGetSystemParameter
JetResetTableSequential
JetGetLogInfoInstance
JetOSSnapshotFreeze
JetUpdate
JetReadFileInstance
JetGrowDatabase
JetDefragment
JetSetDatabaseSize
JetDelete
JetIdle
JetCompact
JetMakeKey
JetReadFile

netplwiz

DllGetClassObject

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2af5c42d70c62bda752d5820a7bbae59

Headers

File Characteristics

Imports

shlwapi

ole32

oleaut32

kernel32

user32

rpcrt4

mpr

esent

netplwiz

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 245KB - Virtual size: 1.1MB

.rdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 245KB - Virtual size: 1.1MB

.rdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 16KB