e989fab4f7191c8b821a5a283d36e788_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e989fab4f7191c8b821a5a283d36e788_JaffaCakes118
Size

244KB
MD5

e989fab4f7191c8b821a5a283d36e788
SHA1

e753a04b3abe523ace3184bc919368f909dd50ce
SHA256

e1d26aeeaaf6e567bbbe8f6ea156df867d4b5307cd48e29841ac4fba3f5a9edb
SHA512

c0e51791c03ed01fa8b724dfbfd7d3ed84b94f140b9be2a815e2ac53442146c4fe0735a0d1007e5e75faa281a6db647b9e17640f9f3e49711ea0b4f29771b97f
SSDEEP

3072:U3sKAOzhvr8jz2ybOGDXBAvq5ipB1aC+9mjNRxkMVrVh5GnM4KuHhRX52AZ4KD38:U8KAOzhCcB17+9wRGmrV6ZBEASKDxVZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e989fab4f7191c8b821a5a283d36e788_JaffaCakes118

Files

e989fab4f7191c8b821a5a283d36e788_JaffaCakes118
.exe windows:4 windows x86 arch:x86

628e29091433a39d8121e10ff403db03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenMutexA
SetEnvironmentVariableA
InterlockedIncrement
LoadLibraryA
FindAtomW
GetCurrentProcessId
FindNextVolumeW
SetErrorMode
MapViewOfFile
SetNamedPipeHandleState
GetCurrentThreadId
GetExitCodeThread
ExitProcess
FindAtomA
CloseHandle
ReadConsoleOutputW
VirtualAlloc
VirtualProtect
Sleep
SetMailslotInfo
AreFileApisANSI

wmi

WmiCloseBlock
WmiNotificationRegistrationW
WmiOpenBlock
WmiSetSingleInstanceW
WmiQuerySingleInstanceW
WmiQueryAllDataW

dhcpsapi

DhcpGetVersion
DhcpSetSubnetInfo
DhcpSetMScopeInfo
DhcpScanMDatabase
DhcpDeleteServer
DhcpGetServerBindingInfo
DhcpGetClientInfoV4
DhcpEnumSubnets
DhcpGetAllOptions
DhcpAddMScopeElement

gdi32

ExtTextOutW
CreateEnhMetaFileW
PolyBezierTo
GdiSetLastError
CreateRoundRectRgn
CopyEnhMetaFileA
GetClipRgn
SetWinMetaFileBits
CreateFontA
GetCharABCWidthsFloatW
SetArcDirection
GetTextCharset

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 70KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.textbs
Size: 65KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 76KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

628e29091433a39d8121e10ff403db03

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wmi

dhcpsapi

gdi32

Sections

.text Size: 14KB - Virtual size: 13KB

.edata Size: 512B - Virtual size: 33KB

.orpc Size: 70KB - Virtual size: 149KB

.textbs Size: 65KB - Virtual size: 148KB

DATA Size: 76KB - Virtual size: 170KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 14KB - Virtual size: 13KB

.edata
Size: 512B - Virtual size: 33KB

.orpc
Size: 70KB - Virtual size: 149KB

.textbs
Size: 65KB - Virtual size: 148KB

DATA
Size: 76KB - Virtual size: 170KB

.rsrc
Size: 17KB - Virtual size: 16KB