ed3fd4c85d3c49aefde4067641628670_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ed3fd4c85d3c49aefde4067641628670_JaffaCakes118
Size

144KB
MD5

ed3fd4c85d3c49aefde4067641628670
SHA1

094f63099d429bf2b62ca7f825427b0d0eae00a5
SHA256

39e0dbb99c5fb268bf5f1bc4af72acdf4205548c9cf5a66086ddfc6e4c4cbee6
SHA512

6291d37b408d20dcc4ca44d3ad4c0f642532817940c3e54074655775e922e3ac39d6bbd4ef28901b6634085c37b0656f247a74d5821c8642b23adec13ba6b749
SSDEEP

3072:L3m7SGVtlRqobyHH7An/y8L3tG/gPcTQb06VV21McEKM0D:Cn7lRqoO7An/yKd+TQ40VDRKMe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed3fd4c85d3c49aefde4067641628670_JaffaCakes118

Files

ed3fd4c85d3c49aefde4067641628670_JaffaCakes118
.exe windows:5 windows x86 arch:x86

25495cbb066abf8c9abdeb8d5e550217

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscms

GetCMMInfo
CreateDeviceLinkProfile
UninstallColorProfileW
UninstallColorProfileA
GetColorProfileElement
OpenColorProfileW
InternalGetPS2CSAFromLCS
ConvertColorNameToIndex
GetColorProfileFromHandle
GetPS2ColorRenderingDictionary
RegisterCMMA
GetStandardColorSpaceProfileW
RegisterCMMW
SetColorProfileElementSize
AssociateColorProfileWithDeviceA
DeleteColorTransform
TranslateBitmapBits
DisassociateColorProfileFromDeviceW
SetColorProfileHeader
SetStandardColorSpaceProfileA
SelectCMM
InternalGetPS2PreviewCRD
SetStandardColorSpaceProfileW

rtm

DeleteFromTable
RtmGetRouteAge
RtmUpdateAndUnlockRoute
DestroyTable
MgmGetMfe
RtmLockNextHop
RtmReleaseDests
RtmGetInstanceInfo
CreateTable
MgmGetFirstMfeStats
RtmGetEntityMethods
RtmRegisterClient
RtmHoldDestination
RtmGetRoutePointer
RtmLockDestination
RtmGetMostSpecificDestination
RtmBlockConvertRoutesToStatic
NextMatchInTable
RtmReleaseEntities
RtmAddRoute
RtmDeleteRoute
RtmGetChangedDests
RtmIsRoute
RtmGetRegisteredEntities

msasn1

ASN1BERDecGeneralizedTime
ASN1_FreeDecoded
ASN1bitstring_cmp
ASN1DecSetError
ASN1_GetEncoderOption
ASN1BEREncBool
ASN1CEREncEndBlk
ASN1CEREncZeroMultibyteString
ASN1BEREncExplicitTag
ASN1BEREncEoid
ASN1BERDecOpenType2
ASN1BERDecCheck
ASN1ztcharstring_free
ASN1_Decode
ASN1BEREoid_free
ASN1BEREncCheck
ASN1BEREncMultibyteString
ASN1_CreateEncoder
ASN1_CloseEncoder
ASN1_GetDecoderOption
ASN1octetstring_cmp
ASN1BERDecOctetString
ASN1intx_free
ASN1CEREncOctetString
ASN1_CloseModule
ASN1utf8string_free

kernel32

GetTempPathW
SetTermsrvAppInstallMode
InitializeCriticalSection
ReadConsoleInputExW
GetThreadPriorityBoost
QueueUserWorkItem
CreateTapePartition
SetPriorityClass
GetProfileSectionW
HeapCompact
GetProcessAffinityMask
LoadLibraryW
GetOEMCP
ConvertFiberToThread
AddVectoredExceptionHandler
GetEnvironmentVariableA
lstrcat
GetModuleHandleA
LoadModule
RemoveDirectoryA
MulDiv
SetConsoleTextAttribute
GlobalReAlloc
FatalExit
EndUpdateResourceW
HeapWalk
CreateRemoteThread
ReadFile

linkinfo

DestroyLinkInfo
CompareLinkInfoVolumes
CreateLinkInfo
ResolveLinkInfo
IsValidLinkInfo
GetLinkInfoData
GetCanonicalPathInfo
DisconnectLinkInfo
CreateLinkInfoA
CreateLinkInfoW
CompareLinkInfoReferents
GetCanonicalPathInfoW
GetCanonicalPathInfoA
ResolveLinkInfoW
ResolveLinkInfoA

msvcrt

_ungetch
__unDName
_open
_adj_fprem
_ecvt
_logb
_wutime64
_spawnl
??4exception@@QAEAAV0@ABV0@@Z
_open_osfhandle
_setjmp3
_cscanf
_wspawnlp
__set_app_type
_wcsdup
_vsnprintf
__winitenv
_mbsinc
?name@type_info@@QBEPBDXZ
exit
__getmainargs
_getdllprocaddr
_scalb
_fsopen
wcsncpy
__p__commode
isleadbyte
clearerr
_commit
wcsncmp
_mbctype
_adj_fprem1
_mbsnbcnt
??_Gbad_typeid@@UAEPAXI@Z

mprapi

MprAdminIsDomainRasServer
MprConfigGetFriendlyName
MprAdminTransportSetInfo
MprConfigInterfaceTransportSetInfo
MprAdminPortEnum
MprConfigTransportGetHandle
MprAdminUserWriteProfFlags
MprInfoCreate
MprInfoRemoveAll
MprAdminTransportGetInfo
MprAdminMIBEntryGetNext
MprInfoBlockQuerySize
MprAdminBufferFree
MprConfigInterfaceTransportRemove
MprAdminUpgradeUsers
MprConfigInterfaceEnum
MprAdminServerDisconnect
MprAdminInterfaceGetCredentials
MprAdminServerConnect
MprAdminInterfaceDelete
MprAdminInterfaceSetCredentials
MprAdminInterfaceSetCredentialsEx
MprConfigServerRefresh
MprConfigServerRestore
MprAdminMIBServerDisconnect

user32

GetNextDlgTabItem
CharUpperA
GetMonitorInfoA
SetSysColors
RegisterClassW
PostQuitMessage
EqualRect
MapVirtualKeyExA
CharPrevA
NotifyWinEvent
ChangeMenuA
wvsprintfA
GetFocus
DefWindowProcW
CreateDialogParamA

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25495cbb066abf8c9abdeb8d5e550217

Headers

File Characteristics

Imports

mscms

rtm

msasn1

kernel32

linkinfo

msvcrt

mprapi

user32

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 82KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 82KB

.rsrc
Size: 3KB - Virtual size: 2KB