f244455ce0c1cb0e875885d817814d22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f244455ce0c1cb0e875885d817814d22_JaffaCakes118
Size

55KB
MD5

f244455ce0c1cb0e875885d817814d22
SHA1

c63fd662b2b937a769bb9e6400bba3b314af8d4d
SHA256

f926771b818a0e3e179f7c5afea534577df2ebec58d1f8999ae825bfb23c52be
SHA512

b84b1c99e11f72ba88fbcc442874de72b0939e6c1e9eb8511ad03eff3a94658d01601080f2291f70b530fd81b0660ce7fc6fa3f3b11cd29cd64943c63d2c6543
SSDEEP

768:ZBlBGgITHskUuvrbGfBwE4hVpztWHxrsMkQwg9ghFTV3D+JM135GPPPPPPPPPPPv:DGgITHskUujSezteNkQRcNVHub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f244455ce0c1cb0e875885d817814d22_JaffaCakes118

Files

f244455ce0c1cb0e875885d817814d22_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57b312d328fc1e05d91f3acb8b5f128f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
SetEvent
SetLastError
OpenProcess
InterlockedIncrement
RaiseException
InterlockedDecrement
GetProcAddress
GetSystemDirectoryW
LocalAlloc
LocalFree
GetModuleHandleW
GetModuleHandleA
GetVersionExW
HeapSetInformation
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
InterlockedExchange
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetLastError
QueryPerformanceCounter
GetProcessHeap
LoadLibraryA
OpenEventW
Sleep
ExitProcess
CreateThread
CreateEventW
WaitForSingleObject
CloseHandle
GetTickCount
ExitThread

msvcrt

_initterm
__getmainargs
__setusermatherr
_XcptFilter
_exit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsicmp
_except_handler3
_c_exit
_stricmp
_wcsnicmp
wcslen
wcsrchr
__initenv

advapi32

RegisterServiceCtrlHandlerExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegDisablePredefinedCache

gdi32

GdiInitSpool
GdiGetSpoolMessage
bMakePathNameW

rpcrt4

RpcServerRegisterIf2
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcMgmtSetServerStackSize
RpcServerRegisterAuthInfoW
RpcServerListen
RpcServerUseProtseqEpA

ntdll

RtlValidRelativeSecurityDescriptor

Exports

Exports

YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57b312d328fc1e05d91f3acb8b5f128f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

gdi32

rpcrt4

ntdll

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB