ecdf54e2967e5811546d25b5ac5cd3b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ecdf54e2967e5811546d25b5ac5cd3b9_JaffaCakes118
Size

83KB
MD5

ecdf54e2967e5811546d25b5ac5cd3b9
SHA1

36345d9b9edae35b7efe3c9b835b9789c66709c4
SHA256

0be5ed9dcb6781f09dd19f13f708801fad7e13860e07830c661f466d8c3d762a
SHA512

d9edccfc5cd087f0e119b5e1bdf4f0b506315ec8ed43bf7709a35ae478ea5acd3aedd8f478e5e6148e1069c3919847bfe494d5e5c6bb03d37191059db21efac9
SSDEEP

1536:ZkkpFqbmn4ROadFKR86Usu8IXLm5YAkfpiFPKwBVIbXDDzRrmBwZVC8A:ZZjqbmkdFK20u8IXLoY/piywwDNRU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecdf54e2967e5811546d25b5ac5cd3b9_JaffaCakes118

Files

ecdf54e2967e5811546d25b5ac5cd3b9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8b0cb9fcfa69b278d2bb363aa7b24b01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathIsSystemFolderW
SHRegisterValidateTemplate
PathRemoveFileSpecW
SHAutoComplete
SHRegCloseUSKey
StrCSpnIA
PathIsSystemFolderA
SHRegGetUSValueA
UrlCreateFromPathW
PathCompactPathA
PathSkipRootA
SHStrDupW
AssocQueryKeyW
PathAddExtensionA
StrCSpnW
PathFindNextComponentW
StrStrIA
PathGetCharTypeW
wvnsprintfW
StrStrA

advapi32

LsaQueryForestTrustInformation
BuildImpersonateTrusteeW
RegisterEventSourceW
SetSecurityInfoExW
BuildTrusteeWithSidA
GetTrusteeNameA
SystemFunction001
SaferiRecordEventLogEntry
WmiQuerySingleInstanceW
LsaEnumerateTrustedDomainsEx

msvcrt20

??6ostream@@QAEAAV0@F@Z
_ismbcalnum
??5istream@@QAEAAV0@AAM@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
??6ostream@@QAEAAV0@O@Z
??0istrstream@@QAE@PAD@Z
_gcvt
??1strstream@@UAE@XZ
strpbrk
iswalpha
?setg@streambuf@@IAEXPAD00@Z
_tcspbrk

kernel32

WriteConsoleInputVDMW
GetSystemTimeAsFileTime
GetTickCount
GetMailslotInfo
GetModuleHandleW
GetCurrentThreadId
QueryPerformanceCounter
GetTapeParameters
SetCurrentDirectoryA
LoadLibraryA
GetCurrentProcessId
WriteConsoleA
DisconnectNamedPipe
ReadDirectoryChangesW
FormatMessageA
GetTempFileNameW
InvalidateConsoleDIBits
VerifyConsoleIoHandle
VirtualAlloc

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b0cb9fcfa69b278d2bb363aa7b24b01

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

msvcrt20

kernel32

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 15KB - Virtual size: 39KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 264B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 15KB - Virtual size: 39KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 264B