ea74bdffd6d6b97a89a07341b29c0768_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ea74bdffd6d6b97a89a07341b29c0768_JaffaCakes118
Size

100KB
MD5

ea74bdffd6d6b97a89a07341b29c0768
SHA1

d4c8fb802558a8f76554f11f2586729ca9610743
SHA256

e84ca5a164dd348c448d767b39d0cd5fcfdf23328ebf4f86fac5bd3ddb36e9ba
SHA512

d7c02559c8168dd5138a01254202619f885a41e8af2b9867ac61d7d28bf26d711146b17f7a02fefa9ceb36a56d87bbd0aa1b4db9a22de2fe3aa730ab9f233df4
SSDEEP

1536:5WRO2+lPyE0nFQEapsQpV3nfSCY6LDgIZeGw8EgSWBk2ZUpeqnQq9u7CH:5WRO2GPIFQHCK3fX3Ddwd+1QQ77CH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea74bdffd6d6b97a89a07341b29c0768_JaffaCakes118

Files

ea74bdffd6d6b97a89a07341b29c0768_JaffaCakes118
.exe windows:4 windows x86 arch:x86

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtCancelTimer
wcsstr
NtWriteFileGather
RtlNewSecurityObject
wcslen
NtClose
NtOpenFile
RtlCutoverTimeToSystemTime
ZwClose
_wcslwr

mtxclu

MtxCluGetComputerNameW
MtxCluGetDTCVirtualServerNameW
MtxCluGetDTCStatusW
MtxCluIsClusterPresentExW
MtxCluIsClusterPresent
MtxCluIsSameNodeW
MtxCluBringOnlineDTCW

usp10

ScriptGetFontProperties
ScriptStringFree
ScriptStringAnalyse
ScriptGetProperties
ScriptStringGetLogicalWidths
LpkPresent
ScriptIsComplex
UspAllocCache
ScriptStringGetOrder
UspFreeMem
ScriptRecordDigitSubstitution

mprapi

MprAdminConnectionEnum
MprAdminInterfaceSetInfo
MprInfoBlockAdd
MprAdminServerDisconnect
MprConfigBufferFree
MprAdminInterfaceDisconnect
MprAdminInterfaceTransportAdd
MprInfoBlockRemove
MprConfigGetGuidName
MprConfigInterfaceCreate
MprAdminServerConnect
MprAdminUserSetInfo
MprConfigServerConnect
MprConfigInterfaceTransportSetInfo
MprInfoDelete
MprAdminMIBEntryGetNext
MprAdminMIBEntryGet
MprAdminMIBBufferFree
MprAdminInterfaceTransportSetInfo

msvcrt

__p__commode
__p__osver
rand
_fstati64
setbuf
__p__iob
iswspace
__p__fmode
difftime
_access
_mktemp

user32

GetDC
SetForegroundWindow
DdeQueryStringA
VkKeyScanW
GetMenu
GetSystemMetrics
GetFocus
LoadCursorW
SetUserObjectSecurity
OpenInputDesktop
EnumDisplaySettingsW
UpdateLayeredWindow
LoadStringW
GetDesktopWindow
DispatchMessageA
wsprintfA

kernel32

GetCurrentProcess
GetCommMask
GetCurrentProcessId
GetACP
GetFileTime
GetLastError
GlobalGetAtomNameA
GetCurrentThreadId
GetCommandLineW
GetTickCount
Sleep
GetModuleHandleW
ExitProcess
PostQueuedCompletionStatus
GetCommandLineA
GetVersion
GetCurrentThread
GetModuleHandleA
EnumTimeFormatsW
WaitCommEvent
SetConsoleCP
CreateMailslotW
OpenEventA
CreateIoCompletionPort
GetProcessHeap
GetEnvironmentVariableW
VirtualAlloc
GetNamedPipeInfo

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2.9MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 99KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

818acc8541d0ab475362b95f869f0024

Headers

File Characteristics

Imports

ntdll

mtxclu

usp10

mprapi

msvcrt

user32

kernel32

Sections

.text Size: 11KB - Virtual size: 10KB

.edata Size: - Virtual size: 453KB

.idata Size: 2.9MB - Virtual size: 5.5MB

.tls Size: - Virtual size: 3KB

DATA Size: 512B - Virtual size: 24B

.rsrc Size: 99KB - Virtual size: 100KB

.text
Size: 11KB - Virtual size: 10KB

.edata
Size: - Virtual size: 453KB

.idata
Size: 2.9MB - Virtual size: 5.5MB

.tls
Size: - Virtual size: 3KB

DATA
Size: 512B - Virtual size: 24B

.rsrc
Size: 99KB - Virtual size: 100KB