ea42645ccffd820b43e1ce511cee0c7d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea42645ccffd820b43e1ce511cee0c7d_JaffaCakes118
Size

56KB
MD5

ea42645ccffd820b43e1ce511cee0c7d
SHA1

6b1a9ebe3a354cefb36ef17f84b8cb024628e368
SHA256

1c83d35ac2b460ae9758621353502e3ecb4a8698eb6146048be4cbdf4f1d2809
SHA512

4e1742f651029ed83bccf5f15bfaea529ce82f8ccb3c7ba1d5b4d1bc74ee1e01c0eb836b73e2bbb5c8b25e18199fdd595579e5b786c1393947ef1939a1c6849f
SSDEEP

1536:mKpd1DiYqcmappA09dozW+OLoaKYFqWQJ5sX:mMLDiGmaXh98O1lUo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea42645ccffd820b43e1ce511cee0c7d_JaffaCakes118

Files

ea42645ccffd820b43e1ce511cee0c7d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

99ba7aaa339d26c0a15bcc322e4131aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DisconnectNamedPipe
SetConsoleKeyShortcuts
SetThreadIdealProcessor
GetLocaleInfoA
DeleteTimerQueueEx
GlobalGetAtomNameW
BackupSeek
SetVolumeMountPointW
GlobalGetAtomNameA
GetConsoleInputWaitHandle
FlushViewOfFile
VerLanguageNameA
SetConsoleActiveScreenBuffer
DnsHostnameToComputerNameW
EnumResourceNamesA
_llseek
FindNextVolumeMountPointW
InterlockedExchange
SetFileAttributesA
BackupWrite
GetUserDefaultUILanguage
TerminateThread
HeapCreate
GetVolumeNameForVolumeMountPointA
CreateHardLinkW
GetCommMask
LoadLibraryA
WaitForDebugEvent
GetConsoleAliasExesW
CallNamedPipeA
ExitProcess
QueueUserWorkItem
GetEnvironmentVariableW
GetBinaryTypeA
FindResourceExA
GetNumberOfConsoleMouseButtons
GetVolumePathNamesForVolumeNameA
ReadConsoleInputA
GlobalAddAtomA
GetFileSize
IsValidLocale
SetConsoleLocalEUDC
LocalShrink
SetThreadPriority
VirtualAlloc
GenerateConsoleCtrlEvent
SetMessageWaitingIndicator
ProcessIdToSessionId
BindIoCompletionCallback
SetVDMCurrentDirectories
VerifyVersionInfoW
SetThreadLocale
GetDefaultCommConfigA
SetConsoleCursor

psapi

EnumProcessModules
EnumDeviceDrivers
GetDeviceDriverFileNameA
GetProcessImageFileNameA
EmptyWorkingSet
GetModuleFileNameExA
EnumProcesses
EnumPageFilesA
GetMappedFileNameW
QueryWorkingSet
GetDeviceDriverFileNameW
GetModuleInformation
GetModuleFileNameExW
GetWsChanges
GetProcessImageFileNameW
GetMappedFileNameA
GetDeviceDriverBaseNameW
EnumPageFilesW
GetDeviceDriverBaseNameA
InitializeProcessForWsWatch
GetModuleBaseNameA
GetProcessMemoryInfo
GetPerformanceInfo
GetModuleBaseNameW

winipsec

DeleteMMPolicy
DeleteTransportFilter
GetQMPolicy
SetMMAuthMethods
GetMMPolicy
GetMMPolicyByID
MatchTunnelFilter
CloseTransportFilterHandle
OpenTransportFilterHandle
MatchMMFilter
EnumMMFilters
EnumTransportFilters
AddMMFilter
OpenTunnelFilterHandle
OpenMMFilterHandle
EnumMMPolicies
EnumQMSAs
DeleteQMPolicy
DeleteTunnelFilter
GetQMPolicyByID
AddTransportFilter
EnumIPSecInterfaces
AddTunnelFilter
DeleteMMAuthMethods
EnumTunnelFilters
EnumQMPolicies
SetMMPolicy
DeleteMMFilter

advapi32

SetSecurityDescriptorGroup
InitializeSecurityDescriptor
SystemFunction029
SetNamedSecurityInfoExA
LsaAddPrivilegesToAccount
LsaEnumerateTrustedDomainsEx
AddAccessAllowedAce
OpenEventLogA
RemoveTraceCallback
LogonUserW
CreateProcessAsUserA
LsaOpenPolicySce
LookupSecurityDescriptorPartsW
TraceEventInstance
TreeResetNamedSecurityInfoW
CredpEncodeCredential
CryptSetKeyParam
ElfReportEventA
WmiQuerySingleInstanceA
RegDeleteValueA
LsaSetSecurityObject
SetEntriesInAuditListW
CryptDeriveKey
LsaQuerySecret
RegSaveKeyA
QueryServiceConfigW
FreeEncryptedFileKeyInfo

user32

MonitorFromPoint
UnhookWinEvent
TranslateMessage
GetCursorPos
TranslateAcceleratorA
DdeNameService
CharToOemBuffA
EnableWindow
GetRawInputDeviceInfoA
CallWindowProcW
CascadeChildWindows
VkKeyScanW
GetScrollBarInfo
DrawCaptionTempW
UnpackDDElParam
InternalGetWindowText
IsCharUpperA
SetMenuItemBitmaps
SetActiveWindow
SetWindowsHookW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99ba7aaa339d26c0a15bcc322e4131aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

winipsec

advapi32

user32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 16KB - Virtual size: 90KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 512B - Virtual size: 172B

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 16KB - Virtual size: 90KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 512B - Virtual size: 172B