ed32332f54c41fc2a674613213d6a8ec_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ed32332f54c41fc2a674613213d6a8ec_JaffaCakes118
Size

43KB
MD5

ed32332f54c41fc2a674613213d6a8ec
SHA1

57df8fdb27c3715d6e9ca746750d239f7bff1518
SHA256

425cecb76969975efd64c5460d7e2a87f8dabd73b47c271ca573a7a04debcb5e
SHA512

596c04d0882eaed4c4af12bbe843deb322ce3ae8fd9c96c30408b095891bb5f687bc16a6c37f1ea4805d68452d26d99fde6b6fd3d022806161500713ea1485f7
SSDEEP

768:BFXD2984oqQd0wvtRdBIRPdGuuNF2MaC17T53wRYhRLxTbBq1u6Aq2lKrU:DXDw84oYgtWRPgbGktyYhoYfqUKrU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed32332f54c41fc2a674613213d6a8ec_JaffaCakes118

Files

ed32332f54c41fc2a674613213d6a8ec_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a8f13d3c2bd3a588a54971a8890c9cb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysReAllocString
RegisterActiveObject
VarCyMul
VarI4FromUI2
VarCyFromUI1
VarUI8FromI1
VarUI1FromI8
SafeArrayUnlock
VarI4FromStr
VarFormatPercent
VarUI2FromUI1
VarUI4FromI1
VarUI4FromUI8
VarI8FromUI8
VarNot
VarNeg
VarUI4FromDec

comdlg32

ChooseColorW
PrintDlgA
PrintDlgExA
ChooseFontA
GetFileTitleA
ReplaceTextA
LoadAlterBitmap
ChooseFontW
GetOpenFileNameA
PrintDlgExW
ChooseColorA
dwLBSubclass
PageSetupDlgA
ReplaceTextW
GetSaveFileNameW

advapi32

OpenEncryptedFileRawW
WmiQueryAllDataMultipleA
SetSecurityInfo
AllocateAndInitializeSid
LsaSetSecurityObject
GetMultipleTrusteeA
LookupPrivilegeValueW
EqualPrefixSid
RegFlushKey
SystemFunction007
AccessCheckByTypeResultListAndAuditAlarmA
CredIsMarshaledCredentialW
ElfReportEventA
GetSidSubAuthorityCount
WmiNotificationRegistrationA
IsTokenUntrusted
WmiFreeBuffer

kernel32

SetConsoleMode
DosPathToSessionPathA
GetTapeParameters
Sleep
GetVersion
NlsGetCacheUpdateCount
LZInit
GetOverlappedResult
ReplaceFileA
VirtualAlloc
GetModuleHandleExA
WritePrivateProfileSectionW
WriteConsoleOutputW
GetSystemDirectoryA
IsValidLocale
LoadLibraryA
GlobalCompact
GetProcessIoCounters
GetPrivateProfileStructW
GetVolumeInformationW
GetConsoleNlsMode
DosPathToSessionPathW
CreateSemaphoreA
QueryMemoryResourceNotification
Process32First
ReplaceFileW
Toolhelp32ReadProcessMemory
QueueUserWorkItem
MoveFileWithProgressA
RemoveDirectoryW
GetCalendarInfoA
SetComputerNameExA
GetNativeSystemInfo
InterlockedPopEntrySList

rasctrs

CollectRasPerformanceData
OpenRasPerformanceData
CloseRasPerformanceData

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1022B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8f13d3c2bd3a588a54971a8890c9cb8

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

comdlg32

advapi32

kernel32

rasctrs

Sections

.text Size: 28KB - Virtual size: 27KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 1022B

.reloc Size: 512B - Virtual size: 260B

.text
Size: 28KB - Virtual size: 27KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 1022B

.reloc
Size: 512B - Virtual size: 260B